diff --git a/Makefile b/Makefile index 4bcc64c59..45f6c99a4 100644 --- a/Makefile +++ b/Makefile @@ -18,8 +18,7 @@ # Make will use bash instead of sh SHELL := /usr/bin/env bash -# Pin to 1.3.9 per https://github.com/GoogleCloudPlatform/cloud-foundation-toolkit/issues/1208 -DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 1.8 +DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 1.10 DOCKER_IMAGE_DEVELOPER_TOOLS := cft/developer-tools REGISTRY_URL := gcr.io/cloud-foundation-cicd DOCKER_BIN ?= docker diff --git a/README.md b/README.md index 7e51d76f5..3dad3a791 100644 --- a/README.md +++ b/README.md @@ -207,7 +207,6 @@ Then perform the following commands on the root folder: | service\_external\_ips | Whether external ips specified by a service will be allowed in this cluster | `bool` | `false` | no | | shadow\_firewall\_rules\_log\_config | The log\_config for shadow firewall rules. You can set this variable to `null` to disable logging. |
object({
metadata = string
})
|
{
"metadata": "INCLUDE_ALL_METADATA"
}
| no | | shadow\_firewall\_rules\_priority | The firewall priority of GKE shadow firewall rules. The priority should be less than default firewall, which is 1000. | `number` | `999` | no | -| skip\_provisioners | Flag to skip all local-exec provisioners. It breaks `stub_domains` and `upstream_nameservers` variables functionality. | `bool` | `false` | no | | stub\_domains | Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server | `map(list(string))` | `{}` | no | | subnetwork | The subnetwork to host the cluster in (required) | `string` | n/a | yes | | timeouts | Timeout for cluster operations. | `map(string)` | `{}` | no | diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl index dc5bc2f07..d18f7a1d7 100644 --- a/autogen/main/cluster.tf.tmpl +++ b/autogen/main/cluster.tf.tmpl @@ -135,12 +135,12 @@ resource "google_container_cluster" "primary" { content { service_account = local.service_account oauth_scopes = local.node_pools_oauth_scopes["all"] - + management { auto_repair = lookup(var.cluster_autoscaling, "auto_repair", true) auto_upgrade = lookup(var.cluster_autoscaling, "auto_upgrade",true) } - + {% if beta_cluster %} min_cpu_platform = lookup(var.node_pools[0], "min_cpu_platform", "") {% endif %} @@ -309,7 +309,7 @@ resource "google_container_cluster" "primary" { {% endif %} } {% if autopilot_cluster != true %} - + datapath_provider = var.datapath_provider {% endif %} diff --git a/autogen/main/main.tf.tmpl b/autogen/main/main.tf.tmpl index ce599c65b..da8d6d28c 100644 --- a/autogen/main/main.tf.tmpl +++ b/autogen/main/main.tf.tmpl @@ -68,7 +68,7 @@ locals { resource_type = "memory" minimum = var.cluster_autoscaling.min_memory_gb maximum = var.cluster_autoscaling.max_memory_gb - }], var.cluster_autoscaling.gpu_resources) : [] + }], var.cluster_autoscaling.gpu_resources) : [] {% endif %} 
@@ -77,12 +77,14 @@ locals { network_project_id = var.network_project_id != "" ? var.network_project_id : var.project_id zone_count = length(var.zones) cluster_type = var.regional ? "regional" : "zonal" +{% if autopilot_cluster != true %} // auto upgrade by defaults only for regional cluster as long it has multiple masters versus zonal clusters have only have a single master so upgrades are more dangerous. {% if beta_cluster %} // When a release channel is used, node auto-upgrade are enabled and cannot be disabled. default_auto_upgrade = var.regional || var.release_channel != null ? true : false {% else %} default_auto_upgrade = var.regional ? true : false +{% endif %} {% endif %} cluster_subnet_cidr = var.add_cluster_firewall_rules ? data.google_compute_subnetwork.gke_subnetwork[0].ip_cidr_range : null 
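Review bot: `default_auto_upgrade` is no longer defined when `autopilot_cluster` is true, so any remaining `local.default_auto_upgrade` reference in the autopilot-rendered templates (node pools are not in this diff) would fail at plan time; please confirm those consumers are guarded the same way. The nested `{% if beta_cluster %}`/`{% else %}` is closed by the added `{% endif %}` and the outer guard by the existing one, which reads correctly but is worth a one-line comment such as `{# autopilot manages node upgrades itself #}` on the new `{% if %}` so the intent survives. The enclosing `locals` block starts and ends outside this hunk.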
@@ -133,14 +135,12 @@ locals { }] {% endif %} - cluster_output_name = google_container_cluster.primary.name cluster_output_regional_zones = google_container_cluster.primary.node_locations - cluster_output_zonal_zones = local.zone_count > 1 ? slice(var.zones, 1, local.zone_count) : [] cluster_output_zones = local.cluster_output_regional_zones {% if private_cluster %} - cluster_endpoint = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? (var.deploy_using_private_endpoint ? google_container_cluster.primary.private_cluster_config.0.private_endpoint : google_container_cluster.primary.private_cluster_config.0.public_endpoint) : google_container_cluster.primary.endpoint - cluster_peering_name = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? google_container_cluster.primary.private_cluster_config.0.peering_name : null + cluster_endpoint = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? (var.deploy_using_private_endpoint ? google_container_cluster.primary.private_cluster_config[0].private_endpoint : google_container_cluster.primary.private_cluster_config[0].public_endpoint) : google_container_cluster.primary.endpoint + cluster_peering_name = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? google_container_cluster.primary.private_cluster_config[0].peering_name : null cluster_endpoint_for_nodes = var.master_ipv4_cidr_block {% else %} cluster_endpoint = google_container_cluster.primary.endpoint 
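Review bot: `cluster_output_name` and `cluster_output_zonal_zones` are deleted here without a visible replacement, so any `local.cluster_output_name` or `local.cluster_output_zonal_zones` reader in outputs.tf or the node-pool templates (not in this diff) would break; the same deletions are made in the root main.tf hunk at `@@ -98,9 +98,7 @@`, so both need the same confirmation. The `.0.` to `[0]` rewrite on the `cluster_endpoint` and `cluster_peering_name` lines is the supported index syntax and does not change the evaluated value. The enclosing `locals` block starts and ends outside this hunk.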
@@ -152,17 +152,18 @@ locals { cluster_output_min_master_version = google_container_cluster.primary.min_master_version cluster_output_logging_service = google_container_cluster.primary.logging_service cluster_output_monitoring_service = google_container_cluster.primary.monitoring_service - cluster_output_network_policy_enabled = google_container_cluster.primary.addons_config.0.network_policy_config.0.disabled - cluster_output_http_load_balancing_enabled = google_container_cluster.primary.addons_config.0.http_load_balancing.0.disabled - cluster_output_horizontal_pod_autoscaling_enabled = google_container_cluster.primary.addons_config.0.horizontal_pod_autoscaling.0.disabled - cluster_output_vertical_pod_autoscaling_enabled = google_container_cluster.primary.vertical_pod_autoscaling != null && length(google_container_cluster.primary.vertical_pod_autoscaling) == 1 ? google_container_cluster.primary.vertical_pod_autoscaling.0.enabled : false +{% if autopilot_cluster != true %} + cluster_output_network_policy_enabled = google_container_cluster.primary.addons_config[0].network_policy_config[0].disabled +{% endif %} + cluster_output_http_load_balancing_enabled = google_container_cluster.primary.addons_config[0].http_load_balancing[0].disabled + cluster_output_horizontal_pod_autoscaling_enabled = google_container_cluster.primary.addons_config[0].horizontal_pod_autoscaling[0].disabled + cluster_output_vertical_pod_autoscaling_enabled = google_container_cluster.primary.vertical_pod_autoscaling != null && length(google_container_cluster.primary.vertical_pod_autoscaling) == 1 ? google_container_cluster.primary.vertical_pod_autoscaling[0].enabled : false {% if beta_cluster %} # BETA features - cluster_output_istio_disabled = google_container_cluster.primary.addons_config.0.istio_config != null && length(google_container_cluster.primary.addons_config.0.istio_config) == 1 ? 
google_container_cluster.primary.addons_config.0.istio_config.0.disabled : false - cluster_output_pod_security_policy_enabled = google_container_cluster.primary.pod_security_policy_config != null && length(google_container_cluster.primary.pod_security_policy_config) == 1 ? google_container_cluster.primary.pod_security_policy_config.0.enabled : false + cluster_output_istio_disabled = google_container_cluster.primary.addons_config[0].istio_config != null && length(google_container_cluster.primary.addons_config[0].istio_config) == 1 ? google_container_cluster.primary.addons_config[0].istio_config[0].disabled : false + cluster_output_pod_security_policy_enabled = google_container_cluster.primary.pod_security_policy_config != null && length(google_container_cluster.primary.pod_security_policy_config) == 1 ? google_container_cluster.primary.pod_security_policy_config[0].enabled : false cluster_output_intranode_visbility_enabled = google_container_cluster.primary.enable_intranode_visibility - cluster_output_identity_service_enabled = google_container_cluster.primary.identity_service_config != null && length(google_container_cluster.primary.identity_service_config) == 1 ? google_container_cluster.primary.identity_service_config.0.enabled : false # /BETA features {% endif %} @@ -176,11 +177,11 @@ locals { [for np in google_container_node_pool.pools : np.name], [""], [for np in google_container_node_pool.windows_pools : np.name], [""] ) - + cluster_output_node_pools_versions = merge( { for np in google_container_node_pool.pools : np.name => np.version }, { for np in google_container_node_pool.windows_pools : np.name => np.version }, - ) + ) {% endif %} cluster_master_auth_list_layer1 = local.cluster_output_master_auth 
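Review bot: `cluster_output_network_policy_enabled` is assigned `addons_config[0].network_policy_config[0].disabled`, so the local's name is the inverse of the value it holds; the same applies to the `http_load_balancing` and `horizontal_pod_autoscaling` lines below it and to the parallel lines in the root main.tf hunk at `@@ -111,10 +109,10 @@`. The beta section handles istio explicitly (`cluster_istio_enabled = ! local.cluster_output_istio_disabled` in the next hunk), but I cannot see where the network-policy local is negated, and a reader taking the name at face value would report enforcement status backwards. Since the names are consumed elsewhere, a comment is the safe fix: `# NOTE: holds the provider's "disabled" flag; consumers must negate it`. The `cluster_output_identity_service_enabled` removal needs the same check for leftover `local.` references. The enclosing `locals` block starts and ends outside this hunk.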
@@ -221,7 +222,9 @@ locals { # BETA features cluster_istio_enabled = ! local.cluster_output_istio_disabled cluster_dns_cache_enabled = var.dns_cache + {% if autopilot_cluster != true %} cluster_telemetry_type_is_set = var.cluster_telemetry_type != null + {% endif %} cluster_pod_security_policy_enabled = local.cluster_output_pod_security_policy_enabled cluster_intranode_visibility_enabled = local.cluster_output_intranode_visbility_enabled confidential_node_config = var.enable_confidential_nodes == true ? [{ enabled = true }] : [] diff --git a/autogen/main/variables.tf.tmpl b/autogen/main/variables.tf.tmpl index c0f83fba1..c4f44dfcc 100644 --- a/autogen/main/variables.tf.tmpl +++ b/autogen/main/variables.tf.tmpl @@ -102,12 +102,14 @@ variable "service_external_ips" { default = false } +{% if autopilot_cluster != true %} variable "datapath_provider" { type = string description = "The desired datapath provider for this cluster. By default, `DATAPATH_PROVIDER_UNSPECIFIED` enables the IPTables-based kube-proxy implementation. `ADVANCED_DATAPATH` enables Dataplane-V2 feature." default = "DATAPATH_PROVIDER_UNSPECIFIED" } +{% endif %} variable "maintenance_start_time" { type = string description = "Time window specified for daily or recurring maintenance operations in RFC3339 format" @@ -335,7 +337,7 @@ variable "configure_ip_masq" { default = false } -{% if beta_cluster %} +{% if beta_cluster and autopilot_cluster != true%} variable "cluster_telemetry_type" { type = string description = "Available options include ENABLED, DISABLED, and SYSTEM_ONLY" @@ -343,6 +345,7 @@ variable "cluster_telemetry_type" { } {% endif %} +{% if autopilot_cluster != true%} variable "logging_service" { type = string description = "The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none" 
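Review bot: The added `{% if autopilot_cluster != true %}` and `{% endif %}` around `cluster_telemetry_type_is_set` are indented two spaces, whereas every other template tag in this diff (for example the `@@ -77,12 +77,14 @@` hunk of the same file) sits at column 0. Depending on the renderer's trim settings the indented tags can leave whitespace-only lines in the generated main.tf, which `terraform fmt -check` would then flag; moving both tags to column 0 keeps the file consistent. The enclosing `locals` block starts and ends outside this hunk.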
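Review bot: In autogen/main/variables.tf.tmpl the new tag `{% if beta_cluster and autopilot_cluster != true%}` (hunk `@@ -335,7 +337,7 @@`) and `{% if autopilot_cluster != true%}` (hunk `@@ -343,6 +345,7 @@`) lack the space before `%}` that every other tag in the diff carries; Jinja accepts both forms, so this is style only, but `{% if beta_cluster and autopilot_cluster != true %}` matches the rest of the file. Note that the guard opened before `variable "logging_service"` is only closed after `variable "monitoring_service"` in the following hunk, so a reader of this hunk alone cannot see that both variables are covered; a short `{# logging/monitoring services are not configurable on autopilot #}` on the opening tag would help.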
@@ -355,6 +358,7 @@ variable "monitoring_service" { default = "monitoring.googleapis.com/kubernetes" } +{% endif %} variable "create_service_account" { type = bool description = "Defines if service account specified to run nodes should be created." @@ -397,11 +401,6 @@ variable "cluster_resource_labels" { default = {} } -variable "skip_provisioners" { - type = bool - description = "Flag to skip all local-exec provisioners. It breaks `stub_domains` and `upstream_nameservers` variables functionality." - default = false -} {% if private_cluster %} variable "deploy_using_private_endpoint" { @@ -697,6 +696,7 @@ variable "enable_kubernetes_alpha" { variable "istio" { description = "(Beta) Enable Istio addon" + type = bool default = false } @@ -720,12 +720,14 @@ variable "config_connector" { variable "cloudrun" { description = "(Beta) Enable CloudRun addon" + type = bool default = false } variable "cloudrun_load_balancer_type" { description = "(Beta) Configure the Cloud Run load balancer type. External by default. Set to `LOAD_BALANCER_TYPE_INTERNAL` to configure as an internal load balancer." - default = "" + type = string + default = "" } variable "enable_pod_security_policy" { diff --git a/autogen/main/versions.tf.tmpl b/autogen/main/versions.tf.tmpl index 2f3b3861d..62620f912 100644 --- a/autogen/main/versions.tf.tmpl +++ b/autogen/main/versions.tf.tmpl @@ -22,6 +22,10 @@ terraform { {% if beta_cluster %} required_providers { + google = { + source = "hashicorp/google" + version = ">= 4.51.0, < 5.0" + } google-beta = { source = "hashicorp/google-beta" version = ">= 4.51.0, < 5.0" @@ -30,6 +34,10 @@ terraform { source = "hashicorp/kubernetes" version = "~> 2.10" } + random = { + source = "hashicorp/random" + version = ">= 2.1" + } } provider_meta "google-beta" { module_name = "blueprints/terraform/terraform-google-kubernetes-engine{% if module_registry_name %}:{{ module_registry_name }}{% endif %}/v25.0.0" 
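Review bot: The new `random` provider entry uses `version = ">= 2.1"` with no upper bound, while the neighbouring `google`, `google-beta` (`< 5.0`) and `kubernetes` (`~> 2.10`) entries are all capped; an open-ended constraint lets a future major release of the provider into every consumer's lock file without a deliberate bump, which is exactly what the other caps guard against. The same unbounded entry is added to the non-beta block in the next hunk (`@@ -44,6 +52,10 @@`). A cap on the next major, e.g. `version = ">= 2.1, < 4.0"`, keeps the module's provider policy consistent. The enclosing `terraform {}` block starts and ends outside this hunk.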
@@ -44,6 +52,10 @@ terraform { source = "hashicorp/kubernetes" version = "~> 2.10" } + random = { + source = "hashicorp/random" + version = ">= 2.1" + } } provider_meta "google" { module_name = "blueprints/terraform/terraform-google-kubernetes-engine{% if module_registry_name %}:{{ module_registry_name }}{% endif %}/v25.0.0" diff --git a/autogen/safer-cluster/main.tf.tmpl b/autogen/safer-cluster/main.tf.tmpl index eef4673c8..2b6926483 100644 --- a/autogen/safer-cluster/main.tf.tmpl +++ b/autogen/safer-cluster/main.tf.tmpl @@ -26,6 +26,7 @@ module "gke" { {% endif %} project_id = var.project_id name = var.name + description = var.description regional = var.regional region = var.region zones = var.zones @@ -188,8 +189,6 @@ module "gke" { enable_shielded_nodes = var.enable_shielded_nodes - skip_provisioners = var.skip_provisioners - gce_pd_csi_driver = var.gce_pd_csi_driver filestore_csi_driver = var.filestore_csi_driver diff --git a/autogen/safer-cluster/variables.tf.tmpl b/autogen/safer-cluster/variables.tf.tmpl index 3820987fd..77b185024 100644 --- a/autogen/safer-cluster/variables.tf.tmpl +++ b/autogen/safer-cluster/variables.tf.tmpl @@ -306,6 +306,7 @@ variable "master_ipv4_cidr_block" { variable "istio" { description = "(Beta) Enable Istio addon" + type = bool default = false } @@ -341,6 +342,7 @@ variable "cluster_dns_domain" { variable "default_max_pods_per_node" { description = "The maximum number of pods to schedule per node" + type = number default = 110 } @@ -355,6 +357,7 @@ variable "database_encryption" { variable "cloudrun" { description = "(Beta) Enable CloudRun addon" + type = bool default = false } 
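Review bot: `description = var.description` is passed through in autogen/safer-cluster/main.tf.tmpl (hunk `@@ -26,6 +26,7 @@`), but none of the safer-cluster variables.tf.tmpl hunks in this diff add a `variable "description"`; unless it already exists in that file, the rendered safer-cluster modules will fail at plan time. Conversely, the `@@ -364,18 +367,6 @@` hunk deletes `enable_network_egress_export` and `enable_resource_consumption_export` from safer-cluster's variables, yet the only pass-through removed from its main.tf.tmpl is `skip_provisioners`; if those two variables were forwarded to `module "gke"`, the references now dangle. Both need confirming against the full files. The `module "gke"` block starts and ends outside the hunk.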
@@ -364,18 +367,6 @@ variable "resource_usage_export_dataset_id" { default = "" } -variable "enable_network_egress_export" { - type = bool - description = "Whether to enable network egress metering for this cluster. If enabled, a daemonset will be created in the cluster to meter network egress traffic." - default = false -} - -variable "enable_resource_consumption_export" { - type = bool - description = "Whether to enable resource consumption metering on this cluster. When enabled, a table will be created in the resource export BigQuery dataset to store resource consumption data. The resulting table can be joined with the resource usage table or with BigQuery billing export." - default = true -} - variable "enable_cost_allocation" { type = bool description = "Enables Cost Allocation Feature and the cluster name and namespace of your GKE workloads appear in the labels field of the billing export to BigQuery" @@ -424,12 +415,6 @@ variable "enable_private_endpoint" { default = true } -variable "skip_provisioners" { - type = bool - description = "Flag to skip all local-exec provisioners. It breaks `stub_domains` and `upstream_nameservers` variables functionality." - default = false -} - variable "enable_pod_security_policy" { type = bool description = "enabled - Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created." diff --git a/build/int.cloudbuild.yaml b/build/int.cloudbuild.yaml index f549e0cba..e50738bc0 100644 --- a/build/int.cloudbuild.yaml +++ b/build/int.cloudbuild.yaml @@ -511,6 +511,6 @@ tags: - 'integration' substitutions: _DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools' - _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '1.8' + _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '1.10' options: machineType: 'N1_HIGHCPU_8' diff --git a/build/lint.cloudbuild.yaml b/build/lint.cloudbuild.yaml index e96b7c24c..b163e1357 100644 --- a/build/lint.cloudbuild.yaml +++ b/build/lint.cloudbuild.yaml 
@@ -22,7 +22,7 @@ tags: - 'lint' substitutions: _DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools' - _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '1.8' + _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '1.10' options: machineType: 'N1_HIGHCPU_8' env: diff --git a/examples/simple_autopilot_private_non_default_sa/main.tf b/examples/simple_autopilot_private_non_default_sa/main.tf index e8368eb02..cacdf508f 100644 --- a/examples/simple_autopilot_private_non_default_sa/main.tf +++ b/examples/simple_autopilot_private_non_default_sa/main.tf @@ -48,7 +48,6 @@ module "gke" { enable_private_endpoint = true enable_private_nodes = true master_ipv4_cidr_block = "172.16.0.0/28" - datapath_provider = "ADVANCED_DATAPATH" master_authorized_networks = [ { diff --git a/examples/simple_regional/README.md b/examples/simple_regional/README.md index fdb4cba6e..ff250928d 100644 --- a/examples/simple_regional/README.md +++ b/examples/simple_regional/README.md @@ -15,7 +15,6 @@ This example illustrates how to create a simple cluster. | network | The VPC network to host the cluster in | `any` | n/a | yes | | project\_id | The project ID to host the cluster in | `any` | n/a | yes | | region | The region to host the cluster in | `any` | n/a | yes | -| skip\_provisioners | Flag to skip local-exec provisioners | `bool` | `false` | no | | subnetwork | The subnetwork to host the cluster in | `any` | n/a | yes | ## Outputs diff --git a/examples/simple_regional/main.tf b/examples/simple_regional/main.tf index e5aa34859..3b1f43fdd 100644 --- a/examples/simple_regional/main.tf +++ b/examples/simple_regional/main.tf @@ -40,5 +40,4 @@ module "gke" { service_account = var.compute_engine_service_account enable_cost_allocation = true enable_binary_authorization = var.enable_binary_authorization - skip_provisioners = var.skip_provisioners } diff --git a/examples/simple_regional/variables.tf b/examples/simple_regional/variables.tf index b60c83ed5..f3082fee8 100644 --- a/examples/simple_regional/variables.tf 
+++ b/examples/simple_regional/variables.tf @@ -47,12 +47,6 @@ variable "compute_engine_service_account" { description = "Service account to associate to the nodes in the cluster" } -variable "skip_provisioners" { - type = bool - description = "Flag to skip local-exec provisioners" - default = false -} - variable "enable_binary_authorization" { description = "Enable BinAuthZ Admission controller" default = false diff --git a/examples/simple_regional_beta/README.md b/examples/simple_regional_beta/README.md index 5294ce6fe..3d6191cf6 100644 --- a/examples/simple_regional_beta/README.md +++ b/examples/simple_regional_beta/README.md @@ -10,7 +10,6 @@ This example illustrates how to create a simple cluster with beta features. | cluster\_name\_suffix | A suffix to append to the default cluster name | `string` | `""` | no | | compute\_engine\_service\_account | Service account to associate to the nodes in the cluster | `any` | n/a | yes | | database\_encryption | Application-layer Secrets Encryption settings. The object format is {state = string, key\_name = string}. Valid values of state are: "ENCRYPTED"; "DECRYPTED". key\_name is the name of a CloudKMS key. | `list(object({ state = string, key_name = string }))` |
[
{
"key_name": "",
"state": "DECRYPTED"
}
]
| no | -| datapath\_provider | The desired datapath provider for this cluster. By default, `DATAPATH_PROVIDER_UNSPECIFIED` enables the IPTables-based kube-proxy implementation. `ADVANCED_DATAPATH` enables Dataplane-V2 feature. | `string` | `"DATAPATH_PROVIDER_UNSPECIFIED"` | no | | dns\_cache | (Beta) The status of the NodeLocal DNSCache addon. | `bool` | `false` | no | | enable\_binary\_authorization | Enable BinAuthZ Admission controller | `bool` | `false` | no | | enable\_pod\_security\_policy | enabled - Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created. | `bool` | `false` | no | diff --git a/examples/simple_regional_beta/variables.tf b/examples/simple_regional_beta/variables.tf index fdbe18eef..04ac6dc19 100644 --- a/examples/simple_regional_beta/variables.tf +++ b/examples/simple_regional_beta/variables.tf @@ -113,9 +113,3 @@ variable "regional" { description = "Whether is a regional cluster (zonal cluster if set false. WARNING: changing this after cluster creation is destructive!)" default = true } - -variable "datapath_provider" { - type = string - description = "The desired datapath provider for this cluster. By default, `DATAPATH_PROVIDER_UNSPECIFIED` enables the IPTables-based kube-proxy implementation. `ADVANCED_DATAPATH` enables Dataplane-V2 feature." - default = "DATAPATH_PROVIDER_UNSPECIFIED" -} diff --git a/examples/simple_regional_with_gateway_api/README.md b/examples/simple_regional_with_gateway_api/README.md index ca82e650c..1bd3c1930 100644 --- a/examples/simple_regional_with_gateway_api/README.md +++ b/examples/simple_regional_with_gateway_api/README.md 
@@ -16,7 +16,6 @@ This example illustrates how to create a simple cluster. | network | The VPC network to host the cluster in | `any` | n/a | yes | | project\_id | The project ID to host the cluster in | `any` | n/a | yes | | region | The region to host the cluster in | `any` | n/a | yes | -| skip\_provisioners | Flag to skip local-exec provisioners | `bool` | `false` | no | | subnetwork | The subnetwork to host the cluster in | `any` | n/a | yes | ## Outputs diff --git a/examples/simple_regional_with_gateway_api/main.tf b/examples/simple_regional_with_gateway_api/main.tf index 96e9c126c..e7a4e78ff 100644 --- a/examples/simple_regional_with_gateway_api/main.tf +++ b/examples/simple_regional_with_gateway_api/main.tf @@ -40,6 +40,5 @@ module "gke" { service_account = var.compute_engine_service_account enable_cost_allocation = true enable_binary_authorization = var.enable_binary_authorization - skip_provisioners = var.skip_provisioners gateway_api_channel = var.gateway_api_channel } diff --git a/examples/simple_regional_with_gateway_api/variables.tf b/examples/simple_regional_with_gateway_api/variables.tf index 90ba0ea0f..310c744c5 100644 --- a/examples/simple_regional_with_gateway_api/variables.tf +++ b/examples/simple_regional_with_gateway_api/variables.tf @@ -47,12 +47,6 @@ variable "compute_engine_service_account" { description = "Service account to associate to the nodes in the cluster" } -variable "skip_provisioners" { - type = bool - description = "Flag to skip local-exec provisioners" - default = false -} - variable "enable_binary_authorization" { description = "Enable BinAuthZ Admission controller" default = false diff --git a/examples/simple_regional_with_kubeconfig/README.md b/examples/simple_regional_with_kubeconfig/README.md index 0f2a55027..5fc908b71 100644 --- a/examples/simple_regional_with_kubeconfig/README.md +++ b/examples/simple_regional_with_kubeconfig/README.md 
@@ -14,7 +14,6 @@ This example illustrates how to create a simple cluster and output a `kubeconfig | network | The VPC network to host the cluster in | `any` | n/a | yes | | project\_id | The project ID to host the cluster in | `any` | n/a | yes | | region | The region to host the cluster in | `any` | n/a | yes | -| skip\_provisioners | Flag to skip local-exec provisioners | `bool` | `false` | no | | subnetwork | The subnetwork to host the cluster in | `any` | n/a | yes | ## Outputs diff --git a/examples/simple_regional_with_kubeconfig/main.tf b/examples/simple_regional_with_kubeconfig/main.tf index 183c0721d..b0aecd4fc 100644 --- a/examples/simple_regional_with_kubeconfig/main.tf +++ b/examples/simple_regional_with_kubeconfig/main.tf @@ -38,7 +38,6 @@ module "gke" { ip_range_services = var.ip_range_services create_service_account = false service_account = var.compute_engine_service_account - skip_provisioners = var.skip_provisioners } module "gke_auth" { diff --git a/examples/simple_regional_with_kubeconfig/variables.tf b/examples/simple_regional_with_kubeconfig/variables.tf index 832e036d0..de02c95f6 100644 --- a/examples/simple_regional_with_kubeconfig/variables.tf +++ b/examples/simple_regional_with_kubeconfig/variables.tf @@ -46,9 +46,3 @@ variable "ip_range_services" { variable "compute_engine_service_account" { description = "Service account to associate to the nodes in the cluster" } - -variable "skip_provisioners" { - type = bool - description = "Flag to skip local-exec provisioners" - default = false -} diff --git a/examples/simple_zonal_with_asm/README.md b/examples/simple_zonal_with_asm/README.md index ce486ec50..1019aa240 100644 --- a/examples/simple_zonal_with_asm/README.md +++ b/examples/simple_zonal_with_asm/README.md 
@@ -7,7 +7,6 @@ This example illustrates how to create a simple zonal cluster with ASM. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| cluster\_name\_suffix | A suffix to append to the default cluster name | `string` | `""` | no | | ip\_range\_pods | The secondary ip range to use for pods | `any` | n/a | yes | | ip\_range\_services | The secondary ip range to use for services | `any` | n/a | yes | | network | The VPC network to host the cluster in | `any` | n/a | yes | diff --git a/examples/simple_zonal_with_asm/main.tf b/examples/simple_zonal_with_asm/main.tf index c7351435c..97aa499dc 100644 --- a/examples/simple_zonal_with_asm/main.tf +++ b/examples/simple_zonal_with_asm/main.tf @@ -14,10 +14,6 @@ * limitations under the License. */ -locals { - cluster_type = "simple-zonal-asm" -} - data "google_client_config" "default" {} provider "kubernetes" { diff --git a/examples/simple_zonal_with_asm/variables.tf b/examples/simple_zonal_with_asm/variables.tf index 6dd142621..82b0cd184 100644 --- a/examples/simple_zonal_with_asm/variables.tf +++ b/examples/simple_zonal_with_asm/variables.tf @@ -18,11 +18,6 @@ variable "project_id" { description = "The project ID to host the cluster in" } -variable "cluster_name_suffix" { - description = "A suffix to append to the default cluster name" - default = "" -} - variable "region" { description = "The region to host the cluster in" } diff --git a/examples/workload_identity/main.tf b/examples/workload_identity/main.tf index 204e13b73..4ea51c67a 100644 --- a/examples/workload_identity/main.tf +++ b/examples/workload_identity/main.tf @@ -75,7 +75,7 @@ module "workload_identity_existing_ksa" { location = module.gke.location namespace = "default" use_existing_k8s_sa = true - k8s_sa_name = kubernetes_service_account.test.metadata.0.name + k8s_sa_name = kubernetes_service_account.test.metadata[0].name } # example with existing GSA 
diff --git a/main.tf b/main.tf index ed5429147..6d671bfbb 100644 --- a/main.tf +++ b/main.tf @@ -98,9 +98,7 @@ locals { mode = lookup(local.old_node_metadata_config_mapping, var.node_metadata, var.node_metadata) }] - cluster_output_name = google_container_cluster.primary.name cluster_output_regional_zones = google_container_cluster.primary.node_locations - cluster_output_zonal_zones = local.zone_count > 1 ? slice(var.zones, 1, local.zone_count) : [] cluster_output_zones = local.cluster_output_regional_zones cluster_endpoint = google_container_cluster.primary.endpoint 
@@ -111,10 +109,10 @@ locals { cluster_output_min_master_version = google_container_cluster.primary.min_master_version cluster_output_logging_service = google_container_cluster.primary.logging_service cluster_output_monitoring_service = google_container_cluster.primary.monitoring_service - cluster_output_network_policy_enabled = google_container_cluster.primary.addons_config.0.network_policy_config.0.disabled - cluster_output_http_load_balancing_enabled = google_container_cluster.primary.addons_config.0.http_load_balancing.0.disabled - cluster_output_horizontal_pod_autoscaling_enabled = google_container_cluster.primary.addons_config.0.horizontal_pod_autoscaling.0.disabled - cluster_output_vertical_pod_autoscaling_enabled = google_container_cluster.primary.vertical_pod_autoscaling != null && length(google_container_cluster.primary.vertical_pod_autoscaling) == 1 ? google_container_cluster.primary.vertical_pod_autoscaling.0.enabled : false + cluster_output_network_policy_enabled = google_container_cluster.primary.addons_config[0].network_policy_config[0].disabled + cluster_output_http_load_balancing_enabled = google_container_cluster.primary.addons_config[0].http_load_balancing[0].disabled + cluster_output_horizontal_pod_autoscaling_enabled = google_container_cluster.primary.addons_config[0].horizontal_pod_autoscaling[0].disabled + cluster_output_vertical_pod_autoscaling_enabled = google_container_cluster.primary.vertical_pod_autoscaling != null && length(google_container_cluster.primary.vertical_pod_autoscaling) == 1 ? google_container_cluster.primary.vertical_pod_autoscaling[0].enabled : false master_authorized_networks_config = length(var.master_authorized_networks) == 0 ? [] : [{ diff --git a/modules/asm/versions.tf b/modules/asm/versions.tf index 815c188c6..f59f68f67 100644 --- a/modules/asm/versions.tf +++ b/modules/asm/versions.tf 
@@ -25,7 +25,12 @@ terraform { } google = { source = "hashicorp/google" - # Avoid v25.0.0 for https://github.com/hashicorp/terraform-provider-google/issues/13507 + # Avoid v4.49 and v4.50 for https://github.com/hashicorp/terraform-provider-google/issues/13507 + version = ">= 4.47.0, != 4.49.0, != 4.50.0, < 5.0" + } + google-beta = { + source = "hashicorp/google-beta" + # Avoid v4.49 and v4.50 for https://github.com/hashicorp/terraform-provider-google/issues/13507 version = ">= 4.47.0, != 4.49.0, != 4.50.0, < 5.0" } } diff --git a/modules/auth/versions.tf b/modules/auth/versions.tf index c02d12ea4..334bfd72a 100644 --- a/modules/auth/versions.tf +++ b/modules/auth/versions.tf @@ -20,7 +20,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - # Avoid v25.0.0 for https://github.com/hashicorp/terraform-provider-google/issues/13507 + # Avoid v4.49 and v4.50 for https://github.com/hashicorp/terraform-provider-google/issues/13507 version = ">= 4.47.0, != 4.49.0, != 4.50.0, < 5.0" } } diff --git a/modules/beta-autopilot-private-cluster/README.md b/modules/beta-autopilot-private-cluster/README.md index 08372212c..d95e55933 100644 --- a/modules/beta-autopilot-private-cluster/README.md +++ b/modules/beta-autopilot-private-cluster/README.md 
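Review bot: The corrected comment says "Avoid v4.49 and v4.50", but the constraint `!= 4.49.0, != 4.50.0` only excludes those exact patch releases; Terraform has no wildcard exclusion, so any 4.49.x or 4.50.x patch release would still satisfy `>= 4.47.0, < 5.0` and reintroduce the issue the comment points at. The same comment/constraint pair is repeated for the new `google-beta` entry here and in modules/auth/versions.tf (`@@ -20,7 +20,7 @@`). If 4.47/4.48 compatibility is not required, `version = ">= 4.51.0, < 5.0"` (the floor the autogen versions.tf.tmpl already uses in this diff) expresses the intent exactly. The `required_providers` block starts and ends outside this hunk.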
@@ -73,11 +73,9 @@ Then perform the following commands on the root folder:
 | authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com | `string` | `null` | no |
 | cluster\_ipv4\_cidr | The IP address range of the kubernetes pods in this cluster. Default is an automatically assigned CIDR. | `string` | `null` | no |
 | cluster\_resource\_labels | The GCE resource labels (a map of key/value pairs) to be applied to the cluster | `map(string)` | `{}` | no |
-| cluster\_telemetry\_type | Available options include ENABLED, DISABLED, and SYSTEM\_ONLY | `string` | `null` | no |
 | configure\_ip\_masq | Enables the installation of ip masquerading, which is usually no longer required when using aliasied IP addresses. IP masquerading uses a kubectl call, so when you have a private cluster, you will need access to the API server. | `bool` | `false` | no |
 | create\_service\_account | Defines if service account specified to run nodes should be created. | `bool` | `true` | no |
 | database\_encryption | Application-layer Secrets Encryption settings. The object format is {state = string, key\_name = string}. Valid values of state are: "ENCRYPTED"; "DECRYPTED". key\_name is the name of a CloudKMS key. | `list(object({ state = string, key_name = string }))` |
[
{
"key_name": "",
"state": "DECRYPTED"
}
]
| no |
-| datapath\_provider | The desired datapath provider for this cluster. By default, `DATAPATH_PROVIDER_UNSPECIFIED` enables the IPTables-based kube-proxy implementation. `ADVANCED_DATAPATH` enables Dataplane-V2 feature. | `string` | `"DATAPATH_PROVIDER_UNSPECIFIED"` | no |
 | deploy\_using\_private\_endpoint | (Beta) A toggle for Terraform and kubectl to connect to the master's internal IP address during deployment. | `bool` | `false` | no |
 | description | The description of the cluster | `string` | `""` | no |
 | disable\_default\_snat | Whether to disable the default SNAT to support the private use of public IP addresses | `bool` | `false` | no |
@@ -103,7 +101,6 @@ Then perform the following commands on the root folder:
 | ip\_range\_services | The _name_ of the secondary subnet range to use for services | `string` | n/a | yes |
 | issue\_client\_certificate | Issues a client certificate to authenticate to the cluster endpoint. To maximize the security of your cluster, leave this option disabled. Client certificates don't automatically rotate and aren't easily revocable. WARNING: changing this after cluster creation is destructive! | `bool` | `false` | no |
 | kubernetes\_version | The Kubernetes version of the masters. If set to 'latest' it will pull latest available version in the selected region. | `string` | `"latest"` | no |
-| logging\_service | The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none | `string` | `"logging.googleapis.com/kubernetes"` | no |
 | maintenance\_end\_time | Time window specified for recurring maintenance operations in RFC3339 format | `string` | `""` | no |
 | maintenance\_exclusions | List of maintenance exclusions. A cluster can have up to three | `list(object({ name = string, start_time = string, end_time = string, exclusion_scope = string }))` | `[]` | no |
 | maintenance\_recurrence | Frequency of the recurring maintenance window in RFC5545 format. | `string` | `""` | no |
@@ -111,7 +108,6 @@ Then perform the following commands on the root folder:
 | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no |
 | master\_global\_access\_enabled | Whether the cluster master is accessible globally (from any region) or only within the same region as the private endpoint. | `bool` | `true` | no |
 | master\_ipv4\_cidr\_block | (Beta) The IP range in CIDR notation to use for the hosted master network | `string` | `"10.0.0.0/28"` | no |
-| monitoring\_service | The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com, monitoring.googleapis.com/kubernetes (beta) and none | `string` | `"monitoring.googleapis.com/kubernetes"` | no |
 | name | The name of the cluster (required) | `string` | n/a | yes |
 | network | The VPC network to host the cluster in (required) | `string` | n/a | yes |
 | network\_project\_id | The project ID of the shared VPC's host (for shared vpc support) | `string` | `""` | no |
@@ -128,7 +124,6 @@ Then perform the following commands on the root folder:
 | service\_external\_ips | Whether external ips specified by a service will be allowed in this cluster | `bool` | `false` | no |
 | shadow\_firewall\_rules\_log\_config | The log\_config for shadow firewall rules. You can set this variable to `null` to disable logging. |
object({
metadata = string
})
|
{
"metadata": "INCLUDE_ALL_METADATA"
}
| no |
 | shadow\_firewall\_rules\_priority | The firewall priority of GKE shadow firewall rules. The priority should be less than default firewall, which is 1000. | `number` | `999` | no |
-| skip\_provisioners | Flag to skip all local-exec provisioners. It breaks `stub_domains` and `upstream_nameservers` variables functionality. | `bool` | `false` | no |
 | stub\_domains | Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server | `map(list(string))` | `{}` | no |
 | subnetwork | The subnetwork to host the cluster in (required) | `string` | n/a | yes |
 | timeouts | Timeout for cluster operations. | `map(string)` | `{}` | no |
diff --git a/modules/beta-autopilot-private-cluster/main.tf b/modules/beta-autopilot-private-cluster/main.tf
index 8e1964224..241b1aa3d 100644
--- a/modules/beta-autopilot-private-cluster/main.tf
+++ b/modules/beta-autopilot-private-cluster/main.tf
@@ -55,9 +55,6 @@ locals {
 network_project_id = var.network_project_id != "" ? var.network_project_id : var.project_id
 zone_count = length(var.zones)
 cluster_type = var.regional ? "regional" : "zonal"
- // auto upgrade by defaults only for regional cluster as long it has multiple masters versus zonal clusters have only have a single master so upgrades are more dangerous.
- // When a release channel is used, node auto-upgrade are enabled and cannot be disabled.
- default_auto_upgrade = var.regional || var.release_channel != null ? true : false
 cluster_subnet_cidr = var.add_cluster_firewall_rules ? data.google_compute_subnetwork.gke_subnetwork[0].ip_cidr_range : null
 cluster_alias_ranges_cidr = var.add_cluster_firewall_rules ? { for range in toset(data.google_compute_subnetwork.gke_subnetwork[0].secondary_ip_range) : range.range_name => range.ip_cidr_range } : {}
@@ -69,13 +66,11 @@ locals {
 }]
- cluster_output_name = google_container_cluster.primary.name
 cluster_output_regional_zones = google_container_cluster.primary.node_locations
- cluster_output_zonal_zones = local.zone_count > 1 ? slice(var.zones, 1, local.zone_count) : []
 cluster_output_zones = local.cluster_output_regional_zones
- cluster_endpoint = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? (var.deploy_using_private_endpoint ? google_container_cluster.primary.private_cluster_config.0.private_endpoint : google_container_cluster.primary.private_cluster_config.0.public_endpoint) : google_container_cluster.primary.endpoint
- cluster_peering_name = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? google_container_cluster.primary.private_cluster_config.0.peering_name : null
+ cluster_endpoint = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? (var.deploy_using_private_endpoint ? google_container_cluster.primary.private_cluster_config[0].private_endpoint : google_container_cluster.primary.private_cluster_config[0].public_endpoint) : google_container_cluster.primary.endpoint
+ cluster_peering_name = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? google_container_cluster.primary.private_cluster_config[0].peering_name : null
 cluster_endpoint_for_nodes = var.master_ipv4_cidr_block
 cluster_output_master_auth = concat(google_container_cluster.primary.*.master_auth, [])
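Review bot: `cluster_output_name` and `cluster_output_zonal_zones` are deleted from this `locals` block with no replacement on the new side, and nothing in the hunk shows whether outputs.tf or another local still references them; if one does, the module stops validating with an undeclared-local error rather than failing at plan time. Confirm both names are unreferenced in the module (outputs.tf is the usual consumer of `cluster_output_*` locals) before merging. The same pair of deletions appears in the modules/beta-autopilot-public-cluster/main.tf and modules/beta-private-cluster-update-variant/main.tf hunks. The `locals` block continues outside the hunk.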
@@ -83,16 +78,14 @@ locals {
 cluster_output_min_master_version = google_container_cluster.primary.min_master_version
 cluster_output_logging_service = google_container_cluster.primary.logging_service
 cluster_output_monitoring_service = google_container_cluster.primary.monitoring_service
- cluster_output_network_policy_enabled = google_container_cluster.primary.addons_config.0.network_policy_config.0.disabled
- cluster_output_http_load_balancing_enabled = google_container_cluster.primary.addons_config.0.http_load_balancing.0.disabled
- cluster_output_horizontal_pod_autoscaling_enabled = google_container_cluster.primary.addons_config.0.horizontal_pod_autoscaling.0.disabled
- cluster_output_vertical_pod_autoscaling_enabled = google_container_cluster.primary.vertical_pod_autoscaling != null && length(google_container_cluster.primary.vertical_pod_autoscaling) == 1 ? google_container_cluster.primary.vertical_pod_autoscaling.0.enabled : false
+ cluster_output_http_load_balancing_enabled = google_container_cluster.primary.addons_config[0].http_load_balancing[0].disabled
+ cluster_output_horizontal_pod_autoscaling_enabled = google_container_cluster.primary.addons_config[0].horizontal_pod_autoscaling[0].disabled
+ cluster_output_vertical_pod_autoscaling_enabled = google_container_cluster.primary.vertical_pod_autoscaling != null && length(google_container_cluster.primary.vertical_pod_autoscaling) == 1 ? google_container_cluster.primary.vertical_pod_autoscaling[0].enabled : false
 # BETA features
- cluster_output_istio_disabled = google_container_cluster.primary.addons_config.0.istio_config != null && length(google_container_cluster.primary.addons_config.0.istio_config) == 1 ? google_container_cluster.primary.addons_config.0.istio_config.0.disabled : false
- cluster_output_pod_security_policy_enabled = google_container_cluster.primary.pod_security_policy_config != null && length(google_container_cluster.primary.pod_security_policy_config) == 1 ? google_container_cluster.primary.pod_security_policy_config.0.enabled : false
+ cluster_output_istio_disabled = google_container_cluster.primary.addons_config[0].istio_config != null && length(google_container_cluster.primary.addons_config[0].istio_config) == 1 ? google_container_cluster.primary.addons_config[0].istio_config[0].disabled : false
+ cluster_output_pod_security_policy_enabled = google_container_cluster.primary.pod_security_policy_config != null && length(google_container_cluster.primary.pod_security_policy_config) == 1 ? google_container_cluster.primary.pod_security_policy_config[0].enabled : false
 cluster_output_intranode_visbility_enabled = google_container_cluster.primary.enable_intranode_visibility
- cluster_output_identity_service_enabled = google_container_cluster.primary.identity_service_config != null && length(google_container_cluster.primary.identity_service_config) == 1 ? google_container_cluster.primary.identity_service_config.0.enabled : false
 # /BETA features
@@ -127,7 +120,6 @@ locals {
 # BETA features
 cluster_istio_enabled = !local.cluster_output_istio_disabled
 cluster_dns_cache_enabled = var.dns_cache
- cluster_telemetry_type_is_set = var.cluster_telemetry_type != null
 cluster_pod_security_policy_enabled = local.cluster_output_pod_security_policy_enabled
 cluster_intranode_visibility_enabled = local.cluster_output_intranode_visbility_enabled
 confidential_node_config = var.enable_confidential_nodes == true ? [{ enabled = true }] : []
diff --git a/modules/beta-autopilot-private-cluster/variables.tf b/modules/beta-autopilot-private-cluster/variables.tf
index fa6fa4453..007b2046a 100644
--- a/modules/beta-autopilot-private-cluster/variables.tf
+++ b/modules/beta-autopilot-private-cluster/variables.tf
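Review bot: On the new side this hunk drops `cluster_output_network_policy_enabled` and `cluster_output_identity_service_enabled` from the autopilot-private `locals` without a replacement, whereas the template and update-variant hunks in this same change keep the network-policy local; if the later `# BETA features` block still derives a `cluster_network_policy_enabled` or `cluster_identity_service_enabled` local from them, the way `cluster_istio_enabled = !local.cluster_output_istio_disabled` does in the second hunk, the module will fail `terraform validate` with an undeclared-local reference. The same two deletions appear in the modules/beta-autopilot-public-cluster/main.tf hunk, and `cluster_output_identity_service_enabled` is also dropped in modules/beta-private-cluster-update-variant/main.tf. A grep of each module's remaining locals and outputs.tf for these names would settle it. The `locals` block continues outside both hunks.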
@@ -102,12 +102,6 @@ variable "service_external_ips" {
 default = false
 }
-variable "datapath_provider" {
- type = string
- description = "The desired datapath provider for this cluster. By default, `DATAPATH_PROVIDER_UNSPECIFIED` enables the IPTables-based kube-proxy implementation. `ADVANCED_DATAPATH` enables Dataplane-V2 feature."
- default = "DATAPATH_PROVIDER_UNSPECIFIED"
-}
-
 variable "maintenance_start_time" {
 type = string
 description = "Time window specified for daily or recurring maintenance operations in RFC3339 format"
@@ -208,24 +202,6 @@ variable "configure_ip_masq" {
 default = false
 }
-variable "cluster_telemetry_type" {
- type = string
- description = "Available options include ENABLED, DISABLED, and SYSTEM_ONLY"
- default = null
-}
-
-variable "logging_service" {
- type = string
- description = "The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none"
- default = "logging.googleapis.com/kubernetes"
-}
-
-variable "monitoring_service" {
- type = string
- description = "The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com, monitoring.googleapis.com/kubernetes (beta) and none"
- default = "monitoring.googleapis.com/kubernetes"
-}
-
 variable "create_service_account" {
 type = bool
 description = "Defines if service account specified to run nodes should be created."
@@ -268,11 +244,6 @@ variable "cluster_resource_labels" {
 default = {}
 }
-variable "skip_provisioners" {
- type = bool
- description = "Flag to skip all local-exec provisioners. It breaks `stub_domains` and `upstream_nameservers` variables functionality."
- default = false
-}
 variable "deploy_using_private_endpoint" {
 type = bool
diff --git a/modules/beta-autopilot-private-cluster/versions.tf b/modules/beta-autopilot-private-cluster/versions.tf
index e116c00b8..888b07bdb 100644
--- a/modules/beta-autopilot-private-cluster/versions.tf
+++ b/modules/beta-autopilot-private-cluster/versions.tf
@@ -19,6 +19,10 @@ terraform {
 required_version = ">=0.13"
 required_providers {
+ google = {
+ source = "hashicorp/google"
+ version = ">= 4.51.0, < 5.0"
+ }
 google-beta = {
 source = "hashicorp/google-beta"
 version = ">= 4.51.0, < 5.0"
@@ -27,6 +31,10 @@ terraform {
 source = "hashicorp/kubernetes"
 version = "~> 2.10"
 }
+ random = {
+ source = "hashicorp/random"
+ version = ">= 2.1"
+ }
 }
 provider_meta "google-beta" {
 module_name = "blueprints/terraform/terraform-google-kubernetes-engine:beta-autopilot-private-cluster/v25.0.0"
diff --git a/modules/beta-autopilot-public-cluster/README.md b/modules/beta-autopilot-public-cluster/README.md
index 59adfa9ee..bd1724b8c 100644
--- a/modules/beta-autopilot-public-cluster/README.md
+++ b/modules/beta-autopilot-public-cluster/README.md
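Review bot: The new `random` requirement, `version = ">= 2.1"`, has no upper bound, while the `google` and `google-beta` entries beside it are capped at `< 5.0`; an open-ended floor lets any future major release of the provider, breaking changes included, be selected by `terraform init` in consumers that do not pin it themselves. Bounding it below the next major in the same style as the other two entries keeps provider resolution reproducible and matches the file's own convention. The same block is added in the modules/beta-autopilot-public-cluster/versions.tf hunk. The `required_providers` block starts outside the hunk.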
@@ -67,11 +67,9 @@ Then perform the following commands on the root folder:
 | authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com | `string` | `null` | no |
 | cluster\_ipv4\_cidr | The IP address range of the kubernetes pods in this cluster. Default is an automatically assigned CIDR. | `string` | `null` | no |
 | cluster\_resource\_labels | The GCE resource labels (a map of key/value pairs) to be applied to the cluster | `map(string)` | `{}` | no |
-| cluster\_telemetry\_type | Available options include ENABLED, DISABLED, and SYSTEM\_ONLY | `string` | `null` | no |
 | configure\_ip\_masq | Enables the installation of ip masquerading, which is usually no longer required when using aliasied IP addresses. IP masquerading uses a kubectl call, so when you have a private cluster, you will need access to the API server. | `bool` | `false` | no |
 | create\_service\_account | Defines if service account specified to run nodes should be created. | `bool` | `true` | no |
 | database\_encryption | Application-layer Secrets Encryption settings. The object format is {state = string, key\_name = string}. Valid values of state are: "ENCRYPTED"; "DECRYPTED". key\_name is the name of a CloudKMS key. | `list(object({ state = string, key_name = string }))` |
[
{
"key_name": "",
"state": "DECRYPTED"
}
]
| no |
-| datapath\_provider | The desired datapath provider for this cluster. By default, `DATAPATH_PROVIDER_UNSPECIFIED` enables the IPTables-based kube-proxy implementation. `ADVANCED_DATAPATH` enables Dataplane-V2 feature. | `string` | `"DATAPATH_PROVIDER_UNSPECIFIED"` | no |
 | description | The description of the cluster | `string` | `""` | no |
 | disable\_default\_snat | Whether to disable the default SNAT to support the private use of public IP addresses | `bool` | `false` | no |
 | dns\_cache | The status of the NodeLocal DNSCache addon. | `bool` | `true` | no |
@@ -94,13 +92,11 @@ Then perform the following commands on the root folder:
 | ip\_range\_services | The _name_ of the secondary subnet range to use for services | `string` | n/a | yes |
 | issue\_client\_certificate | Issues a client certificate to authenticate to the cluster endpoint. To maximize the security of your cluster, leave this option disabled. Client certificates don't automatically rotate and aren't easily revocable. WARNING: changing this after cluster creation is destructive! | `bool` | `false` | no |
 | kubernetes\_version | The Kubernetes version of the masters. If set to 'latest' it will pull latest available version in the selected region. | `string` | `"latest"` | no |
-| logging\_service | The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none | `string` | `"logging.googleapis.com/kubernetes"` | no |
 | maintenance\_end\_time | Time window specified for recurring maintenance operations in RFC3339 format | `string` | `""` | no |
 | maintenance\_exclusions | List of maintenance exclusions. A cluster can have up to three | `list(object({ name = string, start_time = string, end_time = string, exclusion_scope = string }))` | `[]` | no |
 | maintenance\_recurrence | Frequency of the recurring maintenance window in RFC5545 format. | `string` | `""` | no |
 | maintenance\_start\_time | Time window specified for daily or recurring maintenance operations in RFC3339 format | `string` | `"05:00"` | no |
 | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no |
-| monitoring\_service | The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com, monitoring.googleapis.com/kubernetes (beta) and none | `string` | `"monitoring.googleapis.com/kubernetes"` | no |
 | name | The name of the cluster (required) | `string` | n/a | yes |
 | network | The VPC network to host the cluster in (required) | `string` | n/a | yes |
 | network\_project\_id | The project ID of the shared VPC's host (for shared vpc support) | `string` | `""` | no |
@@ -117,7 +113,6 @@ Then perform the following commands on the root folder:
 | service\_external\_ips | Whether external ips specified by a service will be allowed in this cluster | `bool` | `false` | no |
 | shadow\_firewall\_rules\_log\_config | The log\_config for shadow firewall rules. You can set this variable to `null` to disable logging. |
object({
metadata = string
})
|
{
"metadata": "INCLUDE_ALL_METADATA"
}
| no |
 | shadow\_firewall\_rules\_priority | The firewall priority of GKE shadow firewall rules. The priority should be less than default firewall, which is 1000. | `number` | `999` | no |
-| skip\_provisioners | Flag to skip all local-exec provisioners. It breaks `stub_domains` and `upstream_nameservers` variables functionality. | `bool` | `false` | no |
 | stub\_domains | Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server | `map(list(string))` | `{}` | no |
 | subnetwork | The subnetwork to host the cluster in (required) | `string` | n/a | yes |
 | timeouts | Timeout for cluster operations. | `map(string)` | `{}` | no |
diff --git a/modules/beta-autopilot-public-cluster/main.tf b/modules/beta-autopilot-public-cluster/main.tf
index 6ec8dbcd6..f9c8f12b1 100644
--- a/modules/beta-autopilot-public-cluster/main.tf
+++ b/modules/beta-autopilot-public-cluster/main.tf
@@ -55,9 +55,6 @@ locals {
 network_project_id = var.network_project_id != "" ? var.network_project_id : var.project_id
 zone_count = length(var.zones)
 cluster_type = var.regional ? "regional" : "zonal"
- // auto upgrade by defaults only for regional cluster as long it has multiple masters versus zonal clusters have only have a single master so upgrades are more dangerous.
- // When a release channel is used, node auto-upgrade are enabled and cannot be disabled.
- default_auto_upgrade = var.regional || var.release_channel != null ? true : false
 cluster_subnet_cidr = var.add_cluster_firewall_rules ? data.google_compute_subnetwork.gke_subnetwork[0].ip_cidr_range : null
 cluster_alias_ranges_cidr = var.add_cluster_firewall_rules ? { for range in toset(data.google_compute_subnetwork.gke_subnetwork[0].secondary_ip_range) : range.range_name => range.ip_cidr_range } : {}
@@ -69,9 +66,7 @@ locals {
 }]
- cluster_output_name = google_container_cluster.primary.name
 cluster_output_regional_zones = google_container_cluster.primary.node_locations
- cluster_output_zonal_zones = local.zone_count > 1 ? slice(var.zones, 1, local.zone_count) : []
 cluster_output_zones = local.cluster_output_regional_zones
 cluster_endpoint = google_container_cluster.primary.endpoint
@@ -82,16 +77,14 @@ locals {
 cluster_output_min_master_version = google_container_cluster.primary.min_master_version
 cluster_output_logging_service = google_container_cluster.primary.logging_service
 cluster_output_monitoring_service = google_container_cluster.primary.monitoring_service
- cluster_output_network_policy_enabled = google_container_cluster.primary.addons_config.0.network_policy_config.0.disabled
- cluster_output_http_load_balancing_enabled = google_container_cluster.primary.addons_config.0.http_load_balancing.0.disabled
- cluster_output_horizontal_pod_autoscaling_enabled = google_container_cluster.primary.addons_config.0.horizontal_pod_autoscaling.0.disabled
- cluster_output_vertical_pod_autoscaling_enabled = google_container_cluster.primary.vertical_pod_autoscaling != null && length(google_container_cluster.primary.vertical_pod_autoscaling) == 1 ? google_container_cluster.primary.vertical_pod_autoscaling.0.enabled : false
+ cluster_output_http_load_balancing_enabled = google_container_cluster.primary.addons_config[0].http_load_balancing[0].disabled
+ cluster_output_horizontal_pod_autoscaling_enabled = google_container_cluster.primary.addons_config[0].horizontal_pod_autoscaling[0].disabled
+ cluster_output_vertical_pod_autoscaling_enabled = google_container_cluster.primary.vertical_pod_autoscaling != null && length(google_container_cluster.primary.vertical_pod_autoscaling) == 1 ? google_container_cluster.primary.vertical_pod_autoscaling[0].enabled : false
 # BETA features
- cluster_output_istio_disabled = google_container_cluster.primary.addons_config.0.istio_config != null && length(google_container_cluster.primary.addons_config.0.istio_config) == 1 ? google_container_cluster.primary.addons_config.0.istio_config.0.disabled : false
- cluster_output_pod_security_policy_enabled = google_container_cluster.primary.pod_security_policy_config != null && length(google_container_cluster.primary.pod_security_policy_config) == 1 ? google_container_cluster.primary.pod_security_policy_config.0.enabled : false
+ cluster_output_istio_disabled = google_container_cluster.primary.addons_config[0].istio_config != null && length(google_container_cluster.primary.addons_config[0].istio_config) == 1 ? google_container_cluster.primary.addons_config[0].istio_config[0].disabled : false
+ cluster_output_pod_security_policy_enabled = google_container_cluster.primary.pod_security_policy_config != null && length(google_container_cluster.primary.pod_security_policy_config) == 1 ? google_container_cluster.primary.pod_security_policy_config[0].enabled : false
 cluster_output_intranode_visbility_enabled = google_container_cluster.primary.enable_intranode_visibility
- cluster_output_identity_service_enabled = google_container_cluster.primary.identity_service_config != null && length(google_container_cluster.primary.identity_service_config) == 1 ? google_container_cluster.primary.identity_service_config.0.enabled : false
 # /BETA features
@@ -126,7 +119,6 @@ locals {
 # BETA features
 cluster_istio_enabled = !local.cluster_output_istio_disabled
 cluster_dns_cache_enabled = var.dns_cache
- cluster_telemetry_type_is_set = var.cluster_telemetry_type != null
 cluster_pod_security_policy_enabled = local.cluster_output_pod_security_policy_enabled
 cluster_intranode_visibility_enabled = local.cluster_output_intranode_visbility_enabled
 confidential_node_config = var.enable_confidential_nodes == true ? [{ enabled = true }] : []
diff --git a/modules/beta-autopilot-public-cluster/variables.tf b/modules/beta-autopilot-public-cluster/variables.tf
index 4d3034f48..897e261e8 100644
--- a/modules/beta-autopilot-public-cluster/variables.tf
+++ b/modules/beta-autopilot-public-cluster/variables.tf
@@ -102,12 +102,6 @@ variable "service_external_ips" {
 default = false
 }
-variable "datapath_provider" {
- type = string
- description = "The desired datapath provider for this cluster. By default, `DATAPATH_PROVIDER_UNSPECIFIED` enables the IPTables-based kube-proxy implementation. `ADVANCED_DATAPATH` enables Dataplane-V2 feature."
- default = "DATAPATH_PROVIDER_UNSPECIFIED"
-}
-
 variable "maintenance_start_time" {
 type = string
 description = "Time window specified for daily or recurring maintenance operations in RFC3339 format"
@@ -208,24 +202,6 @@ variable "configure_ip_masq" {
 default = false
 }
-variable "cluster_telemetry_type" {
- type = string
- description = "Available options include ENABLED, DISABLED, and SYSTEM_ONLY"
- default = null
-}
-
-variable "logging_service" {
- type = string
- description = "The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none"
- default = "logging.googleapis.com/kubernetes"
-}
-
-variable "monitoring_service" {
- type = string
- description = "The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com, monitoring.googleapis.com/kubernetes (beta) and none"
- default = "monitoring.googleapis.com/kubernetes"
-}
-
 variable "create_service_account" {
 type = bool
 description = "Defines if service account specified to run nodes should be created."
@@ -268,11 +244,6 @@ variable "cluster_resource_labels" {
 default = {}
 }
-variable "skip_provisioners" {
- type = bool
- description = "Flag to skip all local-exec provisioners. It breaks `stub_domains` and `upstream_nameservers` variables functionality."
- default = false
-}
 variable "dns_cache" {
 type = bool
diff --git a/modules/beta-autopilot-public-cluster/versions.tf b/modules/beta-autopilot-public-cluster/versions.tf
index b6e1f5351..ac9a46668 100644
--- a/modules/beta-autopilot-public-cluster/versions.tf
+++ b/modules/beta-autopilot-public-cluster/versions.tf
@@ -19,6 +19,10 @@ terraform {
 required_version = ">=0.13"
 required_providers {
+ google = {
+ source = "hashicorp/google"
+ version = ">= 4.51.0, < 5.0"
+ }
 google-beta = {
 source = "hashicorp/google-beta"
 version = ">= 4.51.0, < 5.0"
@@ -27,6 +31,10 @@ terraform {
 source = "hashicorp/kubernetes"
 version = "~> 2.10"
 }
+ random = {
+ source = "hashicorp/random"
+ version = ">= 2.1"
+ }
 }
 provider_meta "google-beta" {
 module_name = "blueprints/terraform/terraform-google-kubernetes-engine:beta-autopilot-public-cluster/v25.0.0"
diff --git a/modules/beta-private-cluster-update-variant/README.md b/modules/beta-private-cluster-update-variant/README.md
index 3d4460ff1..ad2c816ae 100644
--- a/modules/beta-private-cluster-update-variant/README.md
+++ b/modules/beta-private-cluster-update-variant/README.md
@@ -258,7 +258,6 @@ Then perform the following commands on the root folder:
 | service\_external\_ips | Whether external ips specified by a service will be allowed in this cluster | `bool` | `false` | no |
 | shadow\_firewall\_rules\_log\_config | The log\_config for shadow firewall rules. You can set this variable to `null` to disable logging. |
object({
metadata = string
})
|
{
"metadata": "INCLUDE_ALL_METADATA"
}
| no |
 | shadow\_firewall\_rules\_priority | The firewall priority of GKE shadow firewall rules. The priority should be less than default firewall, which is 1000. | `number` | `999` | no |
-| skip\_provisioners | Flag to skip all local-exec provisioners. It breaks `stub_domains` and `upstream_nameservers` variables functionality. | `bool` | `false` | no |
 | stub\_domains | Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server | `map(list(string))` | `{}` | no |
 | subnetwork | The subnetwork to host the cluster in (required) | `string` | n/a | yes |
 | timeouts | Timeout for cluster operations. | `map(string)` | `{}` | no |
diff --git a/modules/beta-private-cluster-update-variant/main.tf b/modules/beta-private-cluster-update-variant/main.tf
index 3c8e1f590..dbbf64e97 100644
--- a/modules/beta-private-cluster-update-variant/main.tf
+++ b/modules/beta-private-cluster-update-variant/main.tf
@@ -111,13 +111,11 @@ locals {
 mode = lookup(local.old_node_metadata_config_mapping, var.node_metadata, var.node_metadata)
 }]
- cluster_output_name = google_container_cluster.primary.name
 cluster_output_regional_zones = google_container_cluster.primary.node_locations
- cluster_output_zonal_zones = local.zone_count > 1 ? slice(var.zones, 1, local.zone_count) : []
 cluster_output_zones = local.cluster_output_regional_zones
- cluster_endpoint = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? (var.deploy_using_private_endpoint ? google_container_cluster.primary.private_cluster_config.0.private_endpoint : google_container_cluster.primary.private_cluster_config.0.public_endpoint) : google_container_cluster.primary.endpoint
- cluster_peering_name = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? google_container_cluster.primary.private_cluster_config.0.peering_name : null
+ cluster_endpoint = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? (var.deploy_using_private_endpoint ? google_container_cluster.primary.private_cluster_config[0].private_endpoint : google_container_cluster.primary.private_cluster_config[0].public_endpoint) : google_container_cluster.primary.endpoint
+ cluster_peering_name = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? google_container_cluster.primary.private_cluster_config[0].peering_name : null
 cluster_endpoint_for_nodes = var.master_ipv4_cidr_block
 cluster_output_master_auth = concat(google_container_cluster.primary.*.master_auth, [])
@@ -125,16 +123,15 @@ locals { cluster_output_min_master_version = google_container_cluster.primary.min_master_version cluster_output_logging_service = google_container_cluster.primary.logging_service cluster_output_monitoring_service = google_container_cluster.primary.monitoring_service - cluster_output_network_policy_enabled = google_container_cluster.primary.addons_config.0.network_policy_config.0.disabled - cluster_output_http_load_balancing_enabled = google_container_cluster.primary.addons_config.0.http_load_balancing.0.disabled - cluster_output_horizontal_pod_autoscaling_enabled = google_container_cluster.primary.addons_config.0.horizontal_pod_autoscaling.0.disabled - cluster_output_vertical_pod_autoscaling_enabled = google_container_cluster.primary.vertical_pod_autoscaling != null && length(google_container_cluster.primary.vertical_pod_autoscaling) == 1 ? google_container_cluster.primary.vertical_pod_autoscaling.0.enabled : false + cluster_output_network_policy_enabled = google_container_cluster.primary.addons_config[0].network_policy_config[0].disabled + cluster_output_http_load_balancing_enabled = google_container_cluster.primary.addons_config[0].http_load_balancing[0].disabled + cluster_output_horizontal_pod_autoscaling_enabled = google_container_cluster.primary.addons_config[0].horizontal_pod_autoscaling[0].disabled + cluster_output_vertical_pod_autoscaling_enabled = google_container_cluster.primary.vertical_pod_autoscaling != null && length(google_container_cluster.primary.vertical_pod_autoscaling) == 1 ? google_container_cluster.primary.vertical_pod_autoscaling[0].enabled : false # BETA features - cluster_output_istio_disabled = google_container_cluster.primary.addons_config.0.istio_config != null && length(google_container_cluster.primary.addons_config.0.istio_config) == 1 ? 
google_container_cluster.primary.addons_config.0.istio_config.0.disabled : false - cluster_output_pod_security_policy_enabled = google_container_cluster.primary.pod_security_policy_config != null && length(google_container_cluster.primary.pod_security_policy_config) == 1 ? google_container_cluster.primary.pod_security_policy_config.0.enabled : false + cluster_output_istio_disabled = google_container_cluster.primary.addons_config[0].istio_config != null && length(google_container_cluster.primary.addons_config[0].istio_config) == 1 ? google_container_cluster.primary.addons_config[0].istio_config[0].disabled : false + cluster_output_pod_security_policy_enabled = google_container_cluster.primary.pod_security_policy_config != null && length(google_container_cluster.primary.pod_security_policy_config) == 1 ? google_container_cluster.primary.pod_security_policy_config[0].enabled : false cluster_output_intranode_visbility_enabled = google_container_cluster.primary.enable_intranode_visibility - cluster_output_identity_service_enabled = google_container_cluster.primary.identity_service_config != null && length(google_container_cluster.primary.identity_service_config) == 1 ? google_container_cluster.primary.identity_service_config.0.enabled : false # /BETA features diff --git a/modules/beta-private-cluster-update-variant/variables.tf b/modules/beta-private-cluster-update-variant/variables.tf index 7fa57dfe6..7ed013cfc 100644 --- a/modules/beta-private-cluster-update-variant/variables.tf +++ b/modules/beta-private-cluster-update-variant/variables.tf @@ -380,11 +380,6 @@ variable "cluster_resource_labels" { default = {} } -variable "skip_provisioners" { - type = bool - description = "Flag to skip all local-exec provisioners. It breaks `stub_domains` and `upstream_nameservers` variables functionality." - default = false -} variable "deploy_using_private_endpoint" { type = bool 
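Review bot: The rewritten `cluster_output_network_policy_enabled`, `cluster_output_http_load_balancing_enabled` and `cluster_output_horizontal_pod_autoscaling_enabled` lines assign the provider's `disabled` flag (`addons_config[0].network_policy_config[0].disabled` and the two below it) to locals named `_enabled`, so the value is inverted relative to the name; if the outputs that surface these already negate them, a comment here keeps the next maintainer from "fixing" it twice, e.g. `# NOTE: these three hold the addon's *disabled* flag; negate where exposed as *_enabled.` The hunk also removes `cluster_output_identity_service_enabled` with no replacement, so any output still reading `local.cluster_output_identity_service_enabled` (not visible here) breaks at plan time. The same applies to the matching hunks in modules/beta-private-cluster/main.tf, modules/beta-public-cluster-update-variant/main.tf and modules/beta-public-cluster/main.tf. The enclosing `locals` block starts before and ends after the hunk.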
@@ -660,6 +655,7 @@ variable "enable_kubernetes_alpha" {
 variable "istio" {
 description = "(Beta) Enable Istio addon"
+ type = bool
 default = false
 }
@@ -683,11 +679,13 @@ variable "config_connector" {
 variable "cloudrun" {
 description = "(Beta) Enable CloudRun addon"
+ type = bool
 default = false
 }
 variable "cloudrun_load_balancer_type" {
 description = "(Beta) Configure the Cloud Run load balancer type. External by default. Set to `LOAD_BALANCER_TYPE_INTERNAL` to configure as an internal load balancer."
+ type = string
 default = ""
 }
diff --git a/modules/beta-private-cluster-update-variant/versions.tf b/modules/beta-private-cluster-update-variant/versions.tf
index 878a4834f..23d268fc3 100644
--- a/modules/beta-private-cluster-update-variant/versions.tf
+++ b/modules/beta-private-cluster-update-variant/versions.tf
@@ -19,6 +19,10 @@ terraform {
 required_version = ">=0.13"
 required_providers {
+ google = {
+ source = "hashicorp/google"
+ version = ">= 4.51.0, < 5.0"
+ }
 google-beta = {
 source = "hashicorp/google-beta"
 version = ">= 4.51.0, < 5.0"
@@ -27,6 +31,10 @@ terraform {
 source = "hashicorp/kubernetes"
 version = "~> 2.10"
 }
+ random = {
+ source = "hashicorp/random"
+ version = ">= 2.1"
+ }
 }
 provider_meta "google-beta" {
 module_name = "blueprints/terraform/terraform-google-kubernetes-engine:beta-private-cluster-update-variant/v25.0.0"
diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md
index 187319a38..06510a1a1 100644
--- a/modules/beta-private-cluster/README.md
+++ b/modules/beta-private-cluster/README.md
@@ -236,7 +236,6 @@ Then perform the following commands on the root folder:
 | service\_external\_ips | Whether external ips specified by a service will be allowed in this cluster | `bool` | `false` | no |
 | shadow\_firewall\_rules\_log\_config | The log\_config for shadow firewall rules. You can set this variable to `null` to disable logging. |
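Review bot: `cloudrun_load_balancer_type` now gets `type = string` but still accepts any value, while its description names exactly one non-default setting (`LOAD_BALANCER_TYPE_INTERNAL`), so a typo is passed straight to the provider and only surfaces at apply time. The `required_version = ">=0.13"` in the accompanying versions.tf hunk is enough for a `validation` block, which rejects it at plan time; extend the allowed list if the module also means to accept the provider's explicit external value. If these per-module files are generated from a shared template, the change belongs in the template rather than in each copy. The same hunk appears in modules/beta-private-cluster/variables.tf, modules/beta-public-cluster-update-variant/variables.tf and modules/beta-public-cluster/variables.tf.
```hcl
variable "cloudrun_load_balancer_type" {
  # … unchanged: description, type, default …

  # Reject unknown values at plan time instead of letting the provider fail at apply.
  validation {
    condition     = contains(["", "LOAD_BALANCER_TYPE_INTERNAL"], var.cloudrun_load_balancer_type)
    error_message = "cloudrun_load_balancer_type must be \"\" (external, the default) or \"LOAD_BALANCER_TYPE_INTERNAL\"."
  }
}
```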
object({
metadata = string
})
|
{
"metadata": "INCLUDE_ALL_METADATA"
}
| no | | shadow\_firewall\_rules\_priority | The firewall priority of GKE shadow firewall rules. The priority should be less than default firewall, which is 1000. | `number` | `999` | no | -| skip\_provisioners | Flag to skip all local-exec provisioners. It breaks `stub_domains` and `upstream_nameservers` variables functionality. | `bool` | `false` | no | | stub\_domains | Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server | `map(list(string))` | `{}` | no | | subnetwork | The subnetwork to host the cluster in (required) | `string` | n/a | yes | | timeouts | Timeout for cluster operations. | `map(string)` | `{}` | no | diff --git a/modules/beta-private-cluster/main.tf b/modules/beta-private-cluster/main.tf index 3c8e1f590..dbbf64e97 100644 --- a/modules/beta-private-cluster/main.tf +++ b/modules/beta-private-cluster/main.tf 
@@ -111,13 +111,11 @@ locals { mode = lookup(local.old_node_metadata_config_mapping, var.node_metadata, var.node_metadata) }] - cluster_output_name = google_container_cluster.primary.name cluster_output_regional_zones = google_container_cluster.primary.node_locations - cluster_output_zonal_zones = local.zone_count > 1 ? slice(var.zones, 1, local.zone_count) : [] cluster_output_zones = local.cluster_output_regional_zones - cluster_endpoint = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? (var.deploy_using_private_endpoint ? google_container_cluster.primary.private_cluster_config.0.private_endpoint : google_container_cluster.primary.private_cluster_config.0.public_endpoint) : google_container_cluster.primary.endpoint - cluster_peering_name = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? google_container_cluster.primary.private_cluster_config.0.peering_name : null + cluster_endpoint = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? (var.deploy_using_private_endpoint ? google_container_cluster.primary.private_cluster_config[0].private_endpoint : google_container_cluster.primary.private_cluster_config[0].public_endpoint) : google_container_cluster.primary.endpoint + cluster_peering_name = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? google_container_cluster.primary.private_cluster_config[0].peering_name : null cluster_endpoint_for_nodes = var.master_ipv4_cidr_block cluster_output_master_auth = concat(google_container_cluster.primary.*.master_auth, []) 
@@ -125,16 +123,15 @@ locals { cluster_output_min_master_version = google_container_cluster.primary.min_master_version cluster_output_logging_service = google_container_cluster.primary.logging_service cluster_output_monitoring_service = google_container_cluster.primary.monitoring_service - cluster_output_network_policy_enabled = google_container_cluster.primary.addons_config.0.network_policy_config.0.disabled - cluster_output_http_load_balancing_enabled = google_container_cluster.primary.addons_config.0.http_load_balancing.0.disabled - cluster_output_horizontal_pod_autoscaling_enabled = google_container_cluster.primary.addons_config.0.horizontal_pod_autoscaling.0.disabled - cluster_output_vertical_pod_autoscaling_enabled = google_container_cluster.primary.vertical_pod_autoscaling != null && length(google_container_cluster.primary.vertical_pod_autoscaling) == 1 ? google_container_cluster.primary.vertical_pod_autoscaling.0.enabled : false + cluster_output_network_policy_enabled = google_container_cluster.primary.addons_config[0].network_policy_config[0].disabled + cluster_output_http_load_balancing_enabled = google_container_cluster.primary.addons_config[0].http_load_balancing[0].disabled + cluster_output_horizontal_pod_autoscaling_enabled = google_container_cluster.primary.addons_config[0].horizontal_pod_autoscaling[0].disabled + cluster_output_vertical_pod_autoscaling_enabled = google_container_cluster.primary.vertical_pod_autoscaling != null && length(google_container_cluster.primary.vertical_pod_autoscaling) == 1 ? google_container_cluster.primary.vertical_pod_autoscaling[0].enabled : false # BETA features - cluster_output_istio_disabled = google_container_cluster.primary.addons_config.0.istio_config != null && length(google_container_cluster.primary.addons_config.0.istio_config) == 1 ? 
google_container_cluster.primary.addons_config.0.istio_config.0.disabled : false - cluster_output_pod_security_policy_enabled = google_container_cluster.primary.pod_security_policy_config != null && length(google_container_cluster.primary.pod_security_policy_config) == 1 ? google_container_cluster.primary.pod_security_policy_config.0.enabled : false + cluster_output_istio_disabled = google_container_cluster.primary.addons_config[0].istio_config != null && length(google_container_cluster.primary.addons_config[0].istio_config) == 1 ? google_container_cluster.primary.addons_config[0].istio_config[0].disabled : false + cluster_output_pod_security_policy_enabled = google_container_cluster.primary.pod_security_policy_config != null && length(google_container_cluster.primary.pod_security_policy_config) == 1 ? google_container_cluster.primary.pod_security_policy_config[0].enabled : false cluster_output_intranode_visbility_enabled = google_container_cluster.primary.enable_intranode_visibility - cluster_output_identity_service_enabled = google_container_cluster.primary.identity_service_config != null && length(google_container_cluster.primary.identity_service_config) == 1 ? google_container_cluster.primary.identity_service_config.0.enabled : false # /BETA features diff --git a/modules/beta-private-cluster/variables.tf b/modules/beta-private-cluster/variables.tf index 7fa57dfe6..7ed013cfc 100644 --- a/modules/beta-private-cluster/variables.tf +++ b/modules/beta-private-cluster/variables.tf @@ -380,11 +380,6 @@ variable "cluster_resource_labels" { default = {} } -variable "skip_provisioners" { - type = bool - description = "Flag to skip all local-exec provisioners. It breaks `stub_domains` and `upstream_nameservers` variables functionality." - default = false -} variable "deploy_using_private_endpoint" { type = bool @@ -660,6 +655,7 @@ variable "enable_kubernetes_alpha" { variable "istio" { description = "(Beta) Enable Istio addon" + type = bool default = false } 
@@ -683,11 +679,13 @@ variable "config_connector" { variable "cloudrun" { description = "(Beta) Enable CloudRun addon" + type = bool default = false } variable "cloudrun_load_balancer_type" { description = "(Beta) Configure the Cloud Run load balancer type. External by default. Set to `LOAD_BALANCER_TYPE_INTERNAL` to configure as an internal load balancer." + type = string default = "" } diff --git a/modules/beta-private-cluster/versions.tf b/modules/beta-private-cluster/versions.tf index da5f3f632..3862d0a5d 100644 --- a/modules/beta-private-cluster/versions.tf +++ b/modules/beta-private-cluster/versions.tf @@ -19,6 +19,10 @@ terraform { required_version = ">=0.13" required_providers { + google = { + source = "hashicorp/google" + version = ">= 4.51.0, < 5.0" + } google-beta = { source = "hashicorp/google-beta" version = ">= 4.51.0, < 5.0" @@ -27,6 +31,10 @@ terraform { source = "hashicorp/kubernetes" version = "~> 2.10" } + random = { + source = "hashicorp/random" + version = ">= 2.1" + } } provider_meta "google-beta" { module_name = "blueprints/terraform/terraform-google-kubernetes-engine:beta-private-cluster/v25.0.0" diff --git a/modules/beta-public-cluster-update-variant/README.md b/modules/beta-public-cluster-update-variant/README.md index 8b027d13f..e7afd3d7a 100644 --- a/modules/beta-public-cluster-update-variant/README.md +++ b/modules/beta-public-cluster-update-variant/README.md @@ -247,7 +247,6 @@ Then perform the following commands on the root folder: | service\_external\_ips | Whether external ips specified by a service will be allowed in this cluster | `bool` | `false` | no | | shadow\_firewall\_rules\_log\_config | The log\_config for shadow firewall rules. You can set this variable to `null` to disable logging. |
object({
metadata = string
})
|
{
"metadata": "INCLUDE_ALL_METADATA"
}
| no | | shadow\_firewall\_rules\_priority | The firewall priority of GKE shadow firewall rules. The priority should be less than default firewall, which is 1000. | `number` | `999` | no | -| skip\_provisioners | Flag to skip all local-exec provisioners. It breaks `stub_domains` and `upstream_nameservers` variables functionality. | `bool` | `false` | no | | stub\_domains | Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server | `map(list(string))` | `{}` | no | | subnetwork | The subnetwork to host the cluster in (required) | `string` | n/a | yes | | timeouts | Timeout for cluster operations. | `map(string)` | `{}` | no | diff --git a/modules/beta-public-cluster-update-variant/main.tf b/modules/beta-public-cluster-update-variant/main.tf index cd60bce50..59ae5281d 100644 --- a/modules/beta-public-cluster-update-variant/main.tf +++ b/modules/beta-public-cluster-update-variant/main.tf @@ -111,9 +111,7 @@ locals { mode = lookup(local.old_node_metadata_config_mapping, var.node_metadata, var.node_metadata) }] - cluster_output_name = google_container_cluster.primary.name cluster_output_regional_zones = google_container_cluster.primary.node_locations - cluster_output_zonal_zones = local.zone_count > 1 ? slice(var.zones, 1, local.zone_count) : [] cluster_output_zones = local.cluster_output_regional_zones cluster_endpoint = google_container_cluster.primary.endpoint 
@@ -124,16 +122,15 @@ locals { cluster_output_min_master_version = google_container_cluster.primary.min_master_version cluster_output_logging_service = google_container_cluster.primary.logging_service cluster_output_monitoring_service = google_container_cluster.primary.monitoring_service - cluster_output_network_policy_enabled = google_container_cluster.primary.addons_config.0.network_policy_config.0.disabled - cluster_output_http_load_balancing_enabled = google_container_cluster.primary.addons_config.0.http_load_balancing.0.disabled - cluster_output_horizontal_pod_autoscaling_enabled = google_container_cluster.primary.addons_config.0.horizontal_pod_autoscaling.0.disabled - cluster_output_vertical_pod_autoscaling_enabled = google_container_cluster.primary.vertical_pod_autoscaling != null && length(google_container_cluster.primary.vertical_pod_autoscaling) == 1 ? google_container_cluster.primary.vertical_pod_autoscaling.0.enabled : false + cluster_output_network_policy_enabled = google_container_cluster.primary.addons_config[0].network_policy_config[0].disabled + cluster_output_http_load_balancing_enabled = google_container_cluster.primary.addons_config[0].http_load_balancing[0].disabled + cluster_output_horizontal_pod_autoscaling_enabled = google_container_cluster.primary.addons_config[0].horizontal_pod_autoscaling[0].disabled + cluster_output_vertical_pod_autoscaling_enabled = google_container_cluster.primary.vertical_pod_autoscaling != null && length(google_container_cluster.primary.vertical_pod_autoscaling) == 1 ? google_container_cluster.primary.vertical_pod_autoscaling[0].enabled : false # BETA features - cluster_output_istio_disabled = google_container_cluster.primary.addons_config.0.istio_config != null && length(google_container_cluster.primary.addons_config.0.istio_config) == 1 ? 
google_container_cluster.primary.addons_config.0.istio_config.0.disabled : false - cluster_output_pod_security_policy_enabled = google_container_cluster.primary.pod_security_policy_config != null && length(google_container_cluster.primary.pod_security_policy_config) == 1 ? google_container_cluster.primary.pod_security_policy_config.0.enabled : false + cluster_output_istio_disabled = google_container_cluster.primary.addons_config[0].istio_config != null && length(google_container_cluster.primary.addons_config[0].istio_config) == 1 ? google_container_cluster.primary.addons_config[0].istio_config[0].disabled : false + cluster_output_pod_security_policy_enabled = google_container_cluster.primary.pod_security_policy_config != null && length(google_container_cluster.primary.pod_security_policy_config) == 1 ? google_container_cluster.primary.pod_security_policy_config[0].enabled : false cluster_output_intranode_visbility_enabled = google_container_cluster.primary.enable_intranode_visibility - cluster_output_identity_service_enabled = google_container_cluster.primary.identity_service_config != null && length(google_container_cluster.primary.identity_service_config) == 1 ? google_container_cluster.primary.identity_service_config.0.enabled : false # /BETA features diff --git a/modules/beta-public-cluster-update-variant/variables.tf b/modules/beta-public-cluster-update-variant/variables.tf index 970d25f40..04a2a2168 100644 --- a/modules/beta-public-cluster-update-variant/variables.tf +++ b/modules/beta-public-cluster-update-variant/variables.tf @@ -380,11 +380,6 @@ variable "cluster_resource_labels" { default = {} } -variable "skip_provisioners" { - type = bool - description = "Flag to skip all local-exec provisioners. It breaks `stub_domains` and `upstream_nameservers` variables functionality." - default = false -} variable "dns_cache" { type = bool 
@@ -630,6 +625,7 @@ variable "enable_kubernetes_alpha" { variable "istio" { description = "(Beta) Enable Istio addon" + type = bool default = false } @@ -653,11 +649,13 @@ variable "config_connector" { variable "cloudrun" { description = "(Beta) Enable CloudRun addon" + type = bool default = false } variable "cloudrun_load_balancer_type" { description = "(Beta) Configure the Cloud Run load balancer type. External by default. Set to `LOAD_BALANCER_TYPE_INTERNAL` to configure as an internal load balancer." + type = string default = "" } diff --git a/modules/beta-public-cluster-update-variant/versions.tf b/modules/beta-public-cluster-update-variant/versions.tf index 622145d91..866413bcf 100644 --- a/modules/beta-public-cluster-update-variant/versions.tf +++ b/modules/beta-public-cluster-update-variant/versions.tf @@ -19,6 +19,10 @@ terraform { required_version = ">=0.13" required_providers { + google = { + source = "hashicorp/google" + version = ">= 4.51.0, < 5.0" + } google-beta = { source = "hashicorp/google-beta" version = ">= 4.51.0, < 5.0" @@ -27,6 +31,10 @@ terraform { source = "hashicorp/kubernetes" version = "~> 2.10" } + random = { + source = "hashicorp/random" + version = ">= 2.1" + } } provider_meta "google-beta" { module_name = "blueprints/terraform/terraform-google-kubernetes-engine:beta-public-cluster-update-variant/v25.0.0" diff --git a/modules/beta-public-cluster/README.md b/modules/beta-public-cluster/README.md index 74a82dfa1..3dfed7181 100644 --- a/modules/beta-public-cluster/README.md +++ b/modules/beta-public-cluster/README.md @@ -225,7 +225,6 @@ Then perform the following commands on the root folder: | service\_external\_ips | Whether external ips specified by a service will be allowed in this cluster | `bool` | `false` | no | | shadow\_firewall\_rules\_log\_config | The log\_config for shadow firewall rules. You can set this variable to `null` to disable logging. |
object({
metadata = string
})
|
{
"metadata": "INCLUDE_ALL_METADATA"
}
| no | | shadow\_firewall\_rules\_priority | The firewall priority of GKE shadow firewall rules. The priority should be less than default firewall, which is 1000. | `number` | `999` | no | -| skip\_provisioners | Flag to skip all local-exec provisioners. It breaks `stub_domains` and `upstream_nameservers` variables functionality. | `bool` | `false` | no | | stub\_domains | Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server | `map(list(string))` | `{}` | no | | subnetwork | The subnetwork to host the cluster in (required) | `string` | n/a | yes | | timeouts | Timeout for cluster operations. | `map(string)` | `{}` | no | diff --git a/modules/beta-public-cluster/main.tf b/modules/beta-public-cluster/main.tf index cd60bce50..59ae5281d 100644 --- a/modules/beta-public-cluster/main.tf +++ b/modules/beta-public-cluster/main.tf @@ -111,9 +111,7 @@ locals { mode = lookup(local.old_node_metadata_config_mapping, var.node_metadata, var.node_metadata) }] - cluster_output_name = google_container_cluster.primary.name cluster_output_regional_zones = google_container_cluster.primary.node_locations - cluster_output_zonal_zones = local.zone_count > 1 ? slice(var.zones, 1, local.zone_count) : [] cluster_output_zones = local.cluster_output_regional_zones cluster_endpoint = google_container_cluster.primary.endpoint 
@@ -124,16 +122,15 @@ locals { cluster_output_min_master_version = google_container_cluster.primary.min_master_version cluster_output_logging_service = google_container_cluster.primary.logging_service cluster_output_monitoring_service = google_container_cluster.primary.monitoring_service - cluster_output_network_policy_enabled = google_container_cluster.primary.addons_config.0.network_policy_config.0.disabled - cluster_output_http_load_balancing_enabled = google_container_cluster.primary.addons_config.0.http_load_balancing.0.disabled - cluster_output_horizontal_pod_autoscaling_enabled = google_container_cluster.primary.addons_config.0.horizontal_pod_autoscaling.0.disabled - cluster_output_vertical_pod_autoscaling_enabled = google_container_cluster.primary.vertical_pod_autoscaling != null && length(google_container_cluster.primary.vertical_pod_autoscaling) == 1 ? google_container_cluster.primary.vertical_pod_autoscaling.0.enabled : false + cluster_output_network_policy_enabled = google_container_cluster.primary.addons_config[0].network_policy_config[0].disabled + cluster_output_http_load_balancing_enabled = google_container_cluster.primary.addons_config[0].http_load_balancing[0].disabled + cluster_output_horizontal_pod_autoscaling_enabled = google_container_cluster.primary.addons_config[0].horizontal_pod_autoscaling[0].disabled + cluster_output_vertical_pod_autoscaling_enabled = google_container_cluster.primary.vertical_pod_autoscaling != null && length(google_container_cluster.primary.vertical_pod_autoscaling) == 1 ? google_container_cluster.primary.vertical_pod_autoscaling[0].enabled : false # BETA features - cluster_output_istio_disabled = google_container_cluster.primary.addons_config.0.istio_config != null && length(google_container_cluster.primary.addons_config.0.istio_config) == 1 ? 
google_container_cluster.primary.addons_config.0.istio_config.0.disabled : false - cluster_output_pod_security_policy_enabled = google_container_cluster.primary.pod_security_policy_config != null && length(google_container_cluster.primary.pod_security_policy_config) == 1 ? google_container_cluster.primary.pod_security_policy_config.0.enabled : false + cluster_output_istio_disabled = google_container_cluster.primary.addons_config[0].istio_config != null && length(google_container_cluster.primary.addons_config[0].istio_config) == 1 ? google_container_cluster.primary.addons_config[0].istio_config[0].disabled : false + cluster_output_pod_security_policy_enabled = google_container_cluster.primary.pod_security_policy_config != null && length(google_container_cluster.primary.pod_security_policy_config) == 1 ? google_container_cluster.primary.pod_security_policy_config[0].enabled : false cluster_output_intranode_visbility_enabled = google_container_cluster.primary.enable_intranode_visibility - cluster_output_identity_service_enabled = google_container_cluster.primary.identity_service_config != null && length(google_container_cluster.primary.identity_service_config) == 1 ? google_container_cluster.primary.identity_service_config.0.enabled : false # /BETA features diff --git a/modules/beta-public-cluster/variables.tf b/modules/beta-public-cluster/variables.tf index 970d25f40..04a2a2168 100644 --- a/modules/beta-public-cluster/variables.tf +++ b/modules/beta-public-cluster/variables.tf @@ -380,11 +380,6 @@ variable "cluster_resource_labels" { default = {} } -variable "skip_provisioners" { - type = bool - description = "Flag to skip all local-exec provisioners. It breaks `stub_domains` and `upstream_nameservers` variables functionality." - default = false -} variable "dns_cache" { type = bool @@ -630,6 +625,7 @@ variable "enable_kubernetes_alpha" { variable "istio" { description = "(Beta) Enable Istio addon" + type = bool default = false } 
@@ -653,11 +649,13 @@ variable "config_connector" { variable "cloudrun" { description = "(Beta) Enable CloudRun addon" + type = bool default = false } variable "cloudrun_load_balancer_type" { description = "(Beta) Configure the Cloud Run load balancer type. External by default. Set to `LOAD_BALANCER_TYPE_INTERNAL` to configure as an internal load balancer." + type = string default = "" } diff --git a/modules/beta-public-cluster/versions.tf b/modules/beta-public-cluster/versions.tf index ccf46416f..8f28406fb 100644 --- a/modules/beta-public-cluster/versions.tf +++ b/modules/beta-public-cluster/versions.tf @@ -19,6 +19,10 @@ terraform { required_version = ">=0.13" required_providers { + google = { + source = "hashicorp/google" + version = ">= 4.51.0, < 5.0" + } google-beta = { source = "hashicorp/google-beta" version = ">= 4.51.0, < 5.0" @@ -27,6 +31,10 @@ terraform { source = "hashicorp/kubernetes" version = "~> 2.10" } + random = { + source = "hashicorp/random" + version = ">= 2.1" + } } provider_meta "google-beta" { module_name = "blueprints/terraform/terraform-google-kubernetes-engine:beta-public-cluster/v25.0.0" diff --git a/modules/binary-authorization/versions.tf b/modules/binary-authorization/versions.tf index 6c7b10adc..008ac2c4e 100644 --- a/modules/binary-authorization/versions.tf +++ b/modules/binary-authorization/versions.tf @@ -17,7 +17,16 @@ terraform { required_version = ">= 0.13.0" - + required_providers { + google = { + source = "hashicorp/google" + version = "< 5.0" + } + google-beta = { + source = "hashicorp/google-beta" + version = "< 5.0" + } + } provider_meta "google" { module_name = "blueprints/terraform/terraform-google-kubernetes-engine:binary-authorization/v25.0.0" } diff --git a/modules/fleet-membership/versions.tf b/modules/fleet-membership/versions.tf index da9bee0de..8e57f91b5 100644 --- a/modules/fleet-membership/versions.tf +++ b/modules/fleet-membership/versions.tf 
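Review bot: `version = "< 5.0"` in the new `required_providers` block of modules/binary-authorization/versions.tf has no lower bound, so `terraform init` may resolve any pre-5.0 release of `hashicorp/google` and `hashicorp/google-beta`, including ones that predate the resources this module uses, and two environments can end up on different providers; the cluster modules in this same change pin `>= 4.51.0, < 5.0`. A floor matching the oldest version the module is tested against, `version = ">= <MIN_TESTED_VERSION>, < 5.0"`, keeps the constraint consistent and reproducible. The same applies to the identical hunk in modules/hub-legacy/versions.tf.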
@@ -21,7 +21,12 @@ terraform { required_providers { google = { source = "hashicorp/google" - # Avoid v25.0.0 for https://github.com/hashicorp/terraform-provider-google/issues/13507 + # Avoid v4.49 and v4.50 for https://github.com/hashicorp/terraform-provider-google/issues/13507 + version = ">= 4.47.0, != 4.49.0, != 4.50.0, < 5.0" + } + google-beta = { + source = "hashicorp/google-beta" + # Avoid v4.49 and v4.50 for https://github.com/hashicorp/terraform-provider-google/issues/13507 version = ">= 4.47.0, != 4.49.0, != 4.50.0, < 5.0" } } diff --git a/modules/hub-legacy/README.md b/modules/hub-legacy/README.md index 8686b2c56..999f8113d 100644 --- a/modules/hub-legacy/README.md +++ b/modules/hub-legacy/README.md @@ -37,7 +37,6 @@ To deploy this config: |------|-------------|------|---------|:--------:| | cluster\_endpoint | The GKE cluster endpoint. | `string` | n/a | yes | | cluster\_name | The unique name to identify the cluster in ASM. | `string` | n/a | yes | -| enable\_gke\_hub\_registration | Enables GKE Hub Registration when set to true | `bool` | `true` | no | | gcloud\_sdk\_version | The gcloud sdk version to use. Minimum required version is 293.0.0 | `string` | `"296.0.1"` | no | | gke\_hub\_membership\_name | Membership name that uniquely represents the cluster being registered on the Hub | `string` | `"gke-hub-membership"` | no | | gke\_hub\_sa\_name | Name for the GKE Hub SA stored as a secret `creds-gcp` in the `gke-connect` namespace. | `string` | `"gke-hub-sa"` | no | diff --git a/modules/hub-legacy/main.tf b/modules/hub-legacy/main.tf index 700f474b2..c2dcb88c4 100644 --- a/modules/hub-legacy/main.tf +++ b/modules/hub-legacy/main.tf @@ -27,9 +27,6 @@ locals { destroy_gke_body = "${local.is_gke_flag} ${var.gke_hub_membership_name} ${local.cluster_uri} ${local.hub_project}" } -data "google_client_config" "default" { -} - resource "google_service_account" "gke_hub_sa" { count = var.use_existing_sa ? 0 : 1 account_id = var.gke_hub_sa_name 
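Review bot: Removing `data "google_client_config" "default"` from modules/hub-legacy/main.tf is only safe if nothing else in that module still reads `data.google_client_config.default` (an access token handed to a provider block or a provisioner script would be the usual consumer); those files are outside this diff, so the hunk alone can't confirm it. A remaining reference fails `terraform validate` with an undeclared data source. A grep for `google_client_config.default` in the module before merging, or a sentence in the commit message stating the data source was unused, would close that gap.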
diff --git a/modules/hub-legacy/variables.tf b/modules/hub-legacy/variables.tf index b9b15d829..f8c7af649 100644 --- a/modules/hub-legacy/variables.tf +++ b/modules/hub-legacy/variables.tf @@ -52,12 +52,6 @@ variable "gcloud_sdk_version" { default = "296.0.1" } -variable "enable_gke_hub_registration" { - description = "Enables GKE Hub Registration when set to true" - type = bool - default = true -} - variable "gke_hub_sa_name" { description = "Name for the GKE Hub SA stored as a secret `creds-gcp` in the `gke-connect` namespace." type = string @@ -90,6 +84,7 @@ variable "module_depends_on" { variable "use_kubeconfig" { description = "Use existing kubeconfig to register membership. Set this to true for non GKE clusters. Assumes kubectl context is set to cluster to register." + type = bool default = false } diff --git a/modules/hub-legacy/versions.tf b/modules/hub-legacy/versions.tf index 8d2f021ae..3bf80cfab 100644 --- a/modules/hub-legacy/versions.tf +++ b/modules/hub-legacy/versions.tf @@ -17,7 +17,16 @@ terraform { required_version = ">= 0.13.0" - + required_providers { + google = { + source = "hashicorp/google" + version = "< 5.0" + } + google-beta = { + source = "hashicorp/google-beta" + version = "< 5.0" + } + } provider_meta "google" { module_name = "blueprints/terraform/terraform-google-kubernetes-engine:hub/v25.0.0" } diff --git a/modules/private-cluster-update-variant/README.md b/modules/private-cluster-update-variant/README.md index f3519d5ce..92c28f3e7 100644 --- a/modules/private-cluster-update-variant/README.md +++ b/modules/private-cluster-update-variant/README.md @@ -240,7 +240,6 @@ Then perform the following commands on the root folder: | service\_external\_ips | Whether external ips specified by a service will be allowed in this cluster | `bool` | `false` | no | | shadow\_firewall\_rules\_log\_config | The log\_config for shadow firewall rules. You can set this variable to `null` to disable logging. |
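Review bot: Dropping `variable "enable_gke_hub_registration"` removes the opt-out for Hub registration, and the hunk does not show what happens to the conditional it presumably gated in the registration resources. If that gate was deleted with the variable, registration becomes unconditional for every consumer of hub-legacy, which is a behaviour change worth stating in the commit description; if the gate still references `var.enable_gke_hub_registration`, validation fails. The README row for the variable is removed in the same diff, so the documentation side is at least consistent.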
object({
metadata = string
})
|
{
"metadata": "INCLUDE_ALL_METADATA"
}
| no | | shadow\_firewall\_rules\_priority | The firewall priority of GKE shadow firewall rules. The priority should be less than default firewall, which is 1000. | `number` | `999` | no | -| skip\_provisioners | Flag to skip all local-exec provisioners. It breaks `stub_domains` and `upstream_nameservers` variables functionality. | `bool` | `false` | no | | stub\_domains | Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server | `map(list(string))` | `{}` | no | | subnetwork | The subnetwork to host the cluster in (required) | `string` | n/a | yes | | timeouts | Timeout for cluster operations. | `map(string)` | `{}` | no | diff --git a/modules/private-cluster-update-variant/main.tf b/modules/private-cluster-update-variant/main.tf index edf1dbe2b..5ae0f32e4 100644 --- a/modules/private-cluster-update-variant/main.tf +++ b/modules/private-cluster-update-variant/main.tf 
@@ -98,13 +98,11 @@ locals {
 mode = lookup(local.old_node_metadata_config_mapping, var.node_metadata, var.node_metadata)
 }]
- cluster_output_name = google_container_cluster.primary.name
 cluster_output_regional_zones = google_container_cluster.primary.node_locations
- cluster_output_zonal_zones = local.zone_count > 1 ? slice(var.zones, 1, local.zone_count) : []
 cluster_output_zones = local.cluster_output_regional_zones
- cluster_endpoint = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? (var.deploy_using_private_endpoint ? google_container_cluster.primary.private_cluster_config.0.private_endpoint : google_container_cluster.primary.private_cluster_config.0.public_endpoint) : google_container_cluster.primary.endpoint
- cluster_peering_name = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? google_container_cluster.primary.private_cluster_config.0.peering_name : null
+ cluster_endpoint = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? (var.deploy_using_private_endpoint ? google_container_cluster.primary.private_cluster_config[0].private_endpoint : google_container_cluster.primary.private_cluster_config[0].public_endpoint) : google_container_cluster.primary.endpoint
+ cluster_peering_name = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? google_container_cluster.primary.private_cluster_config[0].peering_name : null
 cluster_endpoint_for_nodes = var.master_ipv4_cidr_block
 cluster_output_master_auth = concat(google_container_cluster.primary.*.master_auth, [])
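Review bot: `cluster_output_name` and `cluster_output_zonal_zones` are deleted from `locals`, but nothing in this diff shows whether outputs.tf or another file in the module still references `local.cluster_output_name` or `local.cluster_output_zonal_zones`; a surviving reference breaks `terraform validate`. If they are genuinely dead, a sentence in the commit description saying so would help, since these are autogen-derived files and the identical hunk is applied to modules/private-cluster/main.tf. The switch from `.0.` to `[0]` on `private_cluster_config` stays behind the `length(...) > 0` guard, so that part reads correctly.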
@@ -112,10 +110,10 @@ locals {
 cluster_output_min_master_version = google_container_cluster.primary.min_master_version
 cluster_output_logging_service = google_container_cluster.primary.logging_service
 cluster_output_monitoring_service = google_container_cluster.primary.monitoring_service
- cluster_output_network_policy_enabled = google_container_cluster.primary.addons_config.0.network_policy_config.0.disabled
- cluster_output_http_load_balancing_enabled = google_container_cluster.primary.addons_config.0.http_load_balancing.0.disabled
- cluster_output_horizontal_pod_autoscaling_enabled = google_container_cluster.primary.addons_config.0.horizontal_pod_autoscaling.0.disabled
- cluster_output_vertical_pod_autoscaling_enabled = google_container_cluster.primary.vertical_pod_autoscaling != null && length(google_container_cluster.primary.vertical_pod_autoscaling) == 1 ? google_container_cluster.primary.vertical_pod_autoscaling.0.enabled : false
+ cluster_output_network_policy_enabled = google_container_cluster.primary.addons_config[0].network_policy_config[0].disabled
+ cluster_output_http_load_balancing_enabled = google_container_cluster.primary.addons_config[0].http_load_balancing[0].disabled
+ cluster_output_horizontal_pod_autoscaling_enabled = google_container_cluster.primary.addons_config[0].horizontal_pod_autoscaling[0].disabled
+ cluster_output_vertical_pod_autoscaling_enabled = google_container_cluster.primary.vertical_pod_autoscaling != null && length(google_container_cluster.primary.vertical_pod_autoscaling) == 1 ? google_container_cluster.primary.vertical_pod_autoscaling[0].enabled : false
 master_authorized_networks_config = length(var.master_authorized_networks) == 0 ? [] : [{
diff --git a/modules/private-cluster-update-variant/variables.tf b/modules/private-cluster-update-variant/variables.tf
index ae9369058..7564e7993 100644
--- a/modules/private-cluster-update-variant/variables.tf
+++ b/modules/private-cluster-update-variant/variables.tf
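Review bot: The rewritten locals named `*_enabled` are assigned the provider's `disabled` attribute (e.g. `cluster_output_network_policy_enabled = google_container_cluster.primary.addons_config[0].network_policy_config[0].disabled`), so each holds the inverse of what its name says. The inversion predates this commit and is presumably corrected where the locals are consumed, but since the lines are rewritten here a one-line comment would spare the next reader a trip to outputs.tf: `# NOTE(review): these carry the provider's "disabled" flag — confirm they are negated where exposed as outputs`. Unlike the `vertical_pod_autoscaling` line, the three `addons_config[0].<block>[0]` lookups have no length guard; if that is unchanged from the `.0.` form it is fine, but worth confirming. The identical hunk is applied to modules/private-cluster/main.tf.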
@@ -372,11 +372,6 @@ variable "cluster_resource_labels" { default = {} } -variable "skip_provisioners" { - type = bool - description = "Flag to skip all local-exec provisioners. It breaks `stub_domains` and `upstream_nameservers` variables functionality." - default = false -} variable "deploy_using_private_endpoint" { type = bool diff --git a/modules/private-cluster-update-variant/versions.tf b/modules/private-cluster-update-variant/versions.tf index 55c4424ee..21b51d266 100644 --- a/modules/private-cluster-update-variant/versions.tf +++ b/modules/private-cluster-update-variant/versions.tf @@ -27,6 +27,10 @@ terraform { source = "hashicorp/kubernetes" version = "~> 2.10" } + random = { + source = "hashicorp/random" + version = ">= 2.1" + } } provider_meta "google" { module_name = "blueprints/terraform/terraform-google-kubernetes-engine:private-cluster-update-variant/v25.0.0" diff --git a/modules/private-cluster/README.md b/modules/private-cluster/README.md index 94b9c58d9..fd9069fe6 100644 --- a/modules/private-cluster/README.md +++ b/modules/private-cluster/README.md @@ -218,7 +218,6 @@ Then perform the following commands on the root folder: | service\_external\_ips | Whether external ips specified by a service will be allowed in this cluster | `bool` | `false` | no | | shadow\_firewall\_rules\_log\_config | The log\_config for shadow firewall rules. You can set this variable to `null` to disable logging. |
object({
metadata = string
})
|
{
"metadata": "INCLUDE_ALL_METADATA"
}
| no | | shadow\_firewall\_rules\_priority | The firewall priority of GKE shadow firewall rules. The priority should be less than default firewall, which is 1000. | `number` | `999` | no | -| skip\_provisioners | Flag to skip all local-exec provisioners. It breaks `stub_domains` and `upstream_nameservers` variables functionality. | `bool` | `false` | no | | stub\_domains | Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server | `map(list(string))` | `{}` | no | | subnetwork | The subnetwork to host the cluster in (required) | `string` | n/a | yes | | timeouts | Timeout for cluster operations. | `map(string)` | `{}` | no | diff --git a/modules/private-cluster/main.tf b/modules/private-cluster/main.tf index edf1dbe2b..5ae0f32e4 100644 --- a/modules/private-cluster/main.tf +++ b/modules/private-cluster/main.tf 
@@ -98,13 +98,11 @@ locals {
 mode = lookup(local.old_node_metadata_config_mapping, var.node_metadata, var.node_metadata)
 }]
- cluster_output_name = google_container_cluster.primary.name
 cluster_output_regional_zones = google_container_cluster.primary.node_locations
- cluster_output_zonal_zones = local.zone_count > 1 ? slice(var.zones, 1, local.zone_count) : []
 cluster_output_zones = local.cluster_output_regional_zones
- cluster_endpoint = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? (var.deploy_using_private_endpoint ? google_container_cluster.primary.private_cluster_config.0.private_endpoint : google_container_cluster.primary.private_cluster_config.0.public_endpoint) : google_container_cluster.primary.endpoint
- cluster_peering_name = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? google_container_cluster.primary.private_cluster_config.0.peering_name : null
+ cluster_endpoint = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? (var.deploy_using_private_endpoint ? google_container_cluster.primary.private_cluster_config[0].private_endpoint : google_container_cluster.primary.private_cluster_config[0].public_endpoint) : google_container_cluster.primary.endpoint
+ cluster_peering_name = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? google_container_cluster.primary.private_cluster_config[0].peering_name : null
 cluster_endpoint_for_nodes = var.master_ipv4_cidr_block
 cluster_output_master_auth = concat(google_container_cluster.primary.*.master_auth, [])
@@ -112,10 +110,10 @@ locals {
 cluster_output_min_master_version = google_container_cluster.primary.min_master_version
 cluster_output_logging_service = google_container_cluster.primary.logging_service
 cluster_output_monitoring_service = google_container_cluster.primary.monitoring_service
- cluster_output_network_policy_enabled = google_container_cluster.primary.addons_config.0.network_policy_config.0.disabled
- cluster_output_http_load_balancing_enabled = google_container_cluster.primary.addons_config.0.http_load_balancing.0.disabled
- cluster_output_horizontal_pod_autoscaling_enabled = google_container_cluster.primary.addons_config.0.horizontal_pod_autoscaling.0.disabled
- cluster_output_vertical_pod_autoscaling_enabled = google_container_cluster.primary.vertical_pod_autoscaling != null && length(google_container_cluster.primary.vertical_pod_autoscaling) == 1 ? google_container_cluster.primary.vertical_pod_autoscaling.0.enabled : false
+ cluster_output_network_policy_enabled = google_container_cluster.primary.addons_config[0].network_policy_config[0].disabled
+ cluster_output_http_load_balancing_enabled = google_container_cluster.primary.addons_config[0].http_load_balancing[0].disabled
+ cluster_output_horizontal_pod_autoscaling_enabled = google_container_cluster.primary.addons_config[0].horizontal_pod_autoscaling[0].disabled
+ cluster_output_vertical_pod_autoscaling_enabled = google_container_cluster.primary.vertical_pod_autoscaling != null && length(google_container_cluster.primary.vertical_pod_autoscaling) == 1 ? google_container_cluster.primary.vertical_pod_autoscaling[0].enabled : false
 master_authorized_networks_config = length(var.master_authorized_networks) == 0 ? [] : [{
diff --git a/modules/private-cluster/variables.tf b/modules/private-cluster/variables.tf
index ae9369058..7564e7993 100644
--- a/modules/private-cluster/variables.tf
+++ b/modules/private-cluster/variables.tf
@@ -372,11 +372,6 @@ variable "cluster_resource_labels" { default = {} } -variable "skip_provisioners" { - type = bool - description = "Flag to skip all local-exec provisioners. It breaks `stub_domains` and `upstream_nameservers` variables functionality." - default = false -} variable "deploy_using_private_endpoint" { type = bool diff --git a/modules/private-cluster/versions.tf b/modules/private-cluster/versions.tf index d8bbe63be..e1cf7c953 100644 --- a/modules/private-cluster/versions.tf +++ b/modules/private-cluster/versions.tf @@ -27,6 +27,10 @@ terraform { source = "hashicorp/kubernetes" version = "~> 2.10" } + random = { + source = "hashicorp/random" + version = ">= 2.1" + } } provider_meta "google" { module_name = "blueprints/terraform/terraform-google-kubernetes-engine:private-cluster/v25.0.0" diff --git a/modules/safer-cluster-update-variant/README.md b/modules/safer-cluster-update-variant/README.md index e47612dcb..e60325306 100644 --- a/modules/safer-cluster-update-variant/README.md +++ b/modules/safer-cluster-update-variant/README.md 
@@ -219,10 +219,8 @@ For simplicity, we suggest using `roles/container.admin` and | dns\_cache | (Beta) The status of the NodeLocal DNSCache addon. | `bool` | `false` | no | | enable\_cost\_allocation | Enables Cost Allocation Feature and the cluster name and namespace of your GKE workloads appear in the labels field of the billing export to BigQuery | `bool` | `false` | no | | enable\_intranode\_visibility | Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network | `bool` | `false` | no | -| enable\_network\_egress\_export | Whether to enable network egress metering for this cluster. If enabled, a daemonset will be created in the cluster to meter network egress traffic. | `bool` | `false` | no | | enable\_pod\_security\_policy | enabled - Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created. | `bool` | `false` | no | | enable\_private\_endpoint | When true, the cluster's private endpoint is used as the cluster endpoint and access through the public endpoint is disabled. When false, either endpoint can be used. This field only applies to private clusters, when enable\_private\_nodes is true | `bool` | `true` | no | -| enable\_resource\_consumption\_export | Whether to enable resource consumption metering on this cluster. When enabled, a table will be created in the resource export BigQuery dataset to store resource consumption data. The resulting table can be joined with the resource usage table or with BigQuery billing export. | `bool` | `true` | no | | enable\_shielded\_nodes | Enable Shielded Nodes features on all nodes in this cluster. 
| `bool` | `true` | no | | enable\_vertical\_pod\_autoscaling | Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it | `bool` | `false` | no | | filestore\_csi\_driver | The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes | `bool` | `false` | no | @@ -267,7 +265,6 @@ For simplicity, we suggest using `roles/container.admin` and | release\_channel | (Beta) The release channel of this cluster. Accepted values are `UNSPECIFIED`, `RAPID`, `REGULAR` and `STABLE`. Defaults to `REGULAR`. | `string` | `"REGULAR"` | no | | resource\_usage\_export\_dataset\_id | The dataset id for which network egress metering for this cluster will be enabled. If enabled, a daemonset will be created in the cluster to meter network egress traffic. | `string` | `""` | no | | sandbox\_enabled | (Beta) Enable GKE Sandbox (Do not forget to set `image_type` = `COS_CONTAINERD` to use it). | `bool` | `false` | no | -| skip\_provisioners | Flag to skip all local-exec provisioners. It breaks `stub_domains` and `upstream_nameservers` variables functionality. | `bool` | `false` | no | | stub\_domains | Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server | `map(list(string))` | `{}` | no | | subnetwork | The subnetwork to host the cluster in | `string` | n/a | yes | | upstream\_nameservers | If specified, the values replace the nameservers taken by default from the node’s /etc/resolv.conf | `list(string)` | `[]` | no | diff --git a/modules/safer-cluster-update-variant/main.tf b/modules/safer-cluster-update-variant/main.tf index 9366427a4..948969857 100644 --- a/modules/safer-cluster-update-variant/main.tf +++ b/modules/safer-cluster-update-variant/main.tf 
@@ -22,6 +22,7 @@ module "gke" { source = "../beta-private-cluster-update-variant/" project_id = var.project_id name = var.name + description = var.description regional = var.regional region = var.region zones = var.zones @@ -184,8 +185,6 @@ module "gke" { enable_shielded_nodes = var.enable_shielded_nodes - skip_provisioners = var.skip_provisioners - gce_pd_csi_driver = var.gce_pd_csi_driver filestore_csi_driver = var.filestore_csi_driver diff --git a/modules/safer-cluster-update-variant/variables.tf b/modules/safer-cluster-update-variant/variables.tf index ceb2611cb..67d343060 100644 --- a/modules/safer-cluster-update-variant/variables.tf +++ b/modules/safer-cluster-update-variant/variables.tf @@ -306,6 +306,7 @@ variable "master_ipv4_cidr_block" { variable "istio" { description = "(Beta) Enable Istio addon" + type = bool default = false } @@ -341,6 +342,7 @@ variable "cluster_dns_domain" { variable "default_max_pods_per_node" { description = "The maximum number of pods to schedule per node" + type = number default = 110 } @@ -355,6 +357,7 @@ variable "database_encryption" { variable "cloudrun" { description = "(Beta) Enable CloudRun addon" + type = bool default = false } 
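Review bot: `description = var.description` is now forwarded to the inner module, but none of the modules/safer-cluster-update-variant/variables.tf hunks in this diff declare `variable "description"`; unless it is declared in a hunk not shown, plan fails on an undeclared input variable. If it is being added separately, giving it `type = string` and a default keeps the module call backward-compatible for callers that do not set it. The same line is added in modules/safer-cluster/main.tf with the same question.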
@@ -364,18 +367,6 @@ variable "resource_usage_export_dataset_id" { default = "" } -variable "enable_network_egress_export" { - type = bool - description = "Whether to enable network egress metering for this cluster. If enabled, a daemonset will be created in the cluster to meter network egress traffic." - default = false -} - -variable "enable_resource_consumption_export" { - type = bool - description = "Whether to enable resource consumption metering on this cluster. When enabled, a table will be created in the resource export BigQuery dataset to store resource consumption data. The resulting table can be joined with the resource usage table or with BigQuery billing export." - default = true -} - variable "enable_cost_allocation" { type = bool description = "Enables Cost Allocation Feature and the cluster name and namespace of your GKE workloads appear in the labels field of the billing export to BigQuery" @@ -424,12 +415,6 @@ variable "enable_private_endpoint" { default = true } -variable "skip_provisioners" { - type = bool - description = "Flag to skip all local-exec provisioners. It breaks `stub_domains` and `upstream_nameservers` variables functionality." - default = false -} - variable "enable_pod_security_policy" { type = bool description = "enabled - Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created." diff --git a/modules/safer-cluster/README.md b/modules/safer-cluster/README.md index e47612dcb..e60325306 100644 --- a/modules/safer-cluster/README.md +++ b/modules/safer-cluster/README.md 
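Review bot: `enable_network_egress_export` and `enable_resource_consumption_export` are removed from the safer-cluster interface, yet the main.tf hunks for this module in the diff only drop the `skip_provisioners` pass-through; if main.tf still forwards either variable to the inner module, validation fails, and if it never did, consumers silently lose the ability to toggle resource-usage metering — with `enable_resource_consumption_export` previously defaulting to `true`, that is a cost/visibility knob disappearing without a note. `resource_usage_export_dataset_id` is kept, and its README row still says it enables network egress metering, which no longer matches the available inputs. The same removal is made in modules/safer-cluster/variables.tf.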
@@ -219,10 +219,8 @@ For simplicity, we suggest using `roles/container.admin` and | dns\_cache | (Beta) The status of the NodeLocal DNSCache addon. | `bool` | `false` | no | | enable\_cost\_allocation | Enables Cost Allocation Feature and the cluster name and namespace of your GKE workloads appear in the labels field of the billing export to BigQuery | `bool` | `false` | no | | enable\_intranode\_visibility | Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network | `bool` | `false` | no | -| enable\_network\_egress\_export | Whether to enable network egress metering for this cluster. If enabled, a daemonset will be created in the cluster to meter network egress traffic. | `bool` | `false` | no | | enable\_pod\_security\_policy | enabled - Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created. | `bool` | `false` | no | | enable\_private\_endpoint | When true, the cluster's private endpoint is used as the cluster endpoint and access through the public endpoint is disabled. When false, either endpoint can be used. This field only applies to private clusters, when enable\_private\_nodes is true | `bool` | `true` | no | -| enable\_resource\_consumption\_export | Whether to enable resource consumption metering on this cluster. When enabled, a table will be created in the resource export BigQuery dataset to store resource consumption data. The resulting table can be joined with the resource usage table or with BigQuery billing export. | `bool` | `true` | no | | enable\_shielded\_nodes | Enable Shielded Nodes features on all nodes in this cluster. 
| `bool` | `true` | no | | enable\_vertical\_pod\_autoscaling | Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it | `bool` | `false` | no | | filestore\_csi\_driver | The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes | `bool` | `false` | no | @@ -267,7 +265,6 @@ For simplicity, we suggest using `roles/container.admin` and | release\_channel | (Beta) The release channel of this cluster. Accepted values are `UNSPECIFIED`, `RAPID`, `REGULAR` and `STABLE`. Defaults to `REGULAR`. | `string` | `"REGULAR"` | no | | resource\_usage\_export\_dataset\_id | The dataset id for which network egress metering for this cluster will be enabled. If enabled, a daemonset will be created in the cluster to meter network egress traffic. | `string` | `""` | no | | sandbox\_enabled | (Beta) Enable GKE Sandbox (Do not forget to set `image_type` = `COS_CONTAINERD` to use it). | `bool` | `false` | no | -| skip\_provisioners | Flag to skip all local-exec provisioners. It breaks `stub_domains` and `upstream_nameservers` variables functionality. | `bool` | `false` | no | | stub\_domains | Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server | `map(list(string))` | `{}` | no | | subnetwork | The subnetwork to host the cluster in | `string` | n/a | yes | | upstream\_nameservers | If specified, the values replace the nameservers taken by default from the node’s /etc/resolv.conf | `list(string)` | `[]` | no | diff --git a/modules/safer-cluster/main.tf b/modules/safer-cluster/main.tf index e79a73d8a..1f831cd1c 100644 --- a/modules/safer-cluster/main.tf +++ b/modules/safer-cluster/main.tf @@ -22,6 +22,7 @@ module "gke" { source = "../beta-private-cluster/" project_id = var.project_id name = var.name + description = var.description regional = var.regional region = var.region zones = var.zones 
@@ -184,8 +185,6 @@ module "gke" { enable_shielded_nodes = var.enable_shielded_nodes - skip_provisioners = var.skip_provisioners - gce_pd_csi_driver = var.gce_pd_csi_driver filestore_csi_driver = var.filestore_csi_driver diff --git a/modules/safer-cluster/variables.tf b/modules/safer-cluster/variables.tf index ceb2611cb..67d343060 100644 --- a/modules/safer-cluster/variables.tf +++ b/modules/safer-cluster/variables.tf @@ -306,6 +306,7 @@ variable "master_ipv4_cidr_block" { variable "istio" { description = "(Beta) Enable Istio addon" + type = bool default = false } @@ -341,6 +342,7 @@ variable "cluster_dns_domain" { variable "default_max_pods_per_node" { description = "The maximum number of pods to schedule per node" + type = number default = 110 } @@ -355,6 +357,7 @@ variable "database_encryption" { variable "cloudrun" { description = "(Beta) Enable CloudRun addon" + type = bool default = false } @@ -364,18 +367,6 @@ variable "resource_usage_export_dataset_id" { default = "" } -variable "enable_network_egress_export" { - type = bool - description = "Whether to enable network egress metering for this cluster. If enabled, a daemonset will be created in the cluster to meter network egress traffic." - default = false -} - -variable "enable_resource_consumption_export" { - type = bool - description = "Whether to enable resource consumption metering on this cluster. When enabled, a table will be created in the resource export BigQuery dataset to store resource consumption data. The resulting table can be joined with the resource usage table or with BigQuery billing export." - default = true -} - variable "enable_cost_allocation" { type = bool description = "Enables Cost Allocation Feature and the cluster name and namespace of your GKE workloads appear in the labels field of the billing export to BigQuery" 
@@ -424,12 +415,6 @@ variable "enable_private_endpoint" { default = true } -variable "skip_provisioners" { - type = bool - description = "Flag to skip all local-exec provisioners. It breaks `stub_domains` and `upstream_nameservers` variables functionality." - default = false -} - variable "enable_pod_security_policy" { type = bool description = "enabled - Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created." diff --git a/test/fixtures/beta_cluster/main.tf b/test/fixtures/beta_cluster/main.tf index f1ab83328..b02fc8b36 100644 --- a/test/fixtures/beta_cluster/main.tf +++ b/test/fixtures/beta_cluster/main.tf @@ -68,9 +68,6 @@ module "this" { enable_binary_authorization = true enable_pod_security_policy = true - - // Dataplane-V2 Feature - datapath_provider = "ADVANCED_DATAPATH" } data "google_client_config" "default" { diff --git a/test/fixtures/simple_regional/example.tf b/test/fixtures/simple_regional/example.tf index cb50faf35..cab3eeb2e 100644 --- a/test/fixtures/simple_regional/example.tf +++ b/test/fixtures/simple_regional/example.tf @@ -25,6 +25,5 @@ module "example" { ip_range_pods = google_compute_subnetwork.main.secondary_ip_range[0].range_name ip_range_services = google_compute_subnetwork.main.secondary_ip_range[1].range_name compute_engine_service_account = var.compute_engine_service_accounts[0] - skip_provisioners = true enable_binary_authorization = true } diff --git a/test/fixtures/simple_regional_with_gateway_api/example.tf b/test/fixtures/simple_regional_with_gateway_api/example.tf index 189a65ba1..b7f9df7fe 100644 --- a/test/fixtures/simple_regional_with_gateway_api/example.tf +++ b/test/fixtures/simple_regional_with_gateway_api/example.tf 
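Review bot: Dropping `datapath_provider = "ADVANCED_DATAPATH"` from test/fixtures/beta_cluster/main.tf removes the only place in this diff that exercises Dataplane V2; unless another fixture sets it, the `datapath_provider` input is no longer covered by the integration tests. Because Dataplane V2 changes how network policy is enforced on the cluster, losing that coverage matters more than a routine fixture trim, and the hunk gives no reason for the removal. If the intent is to test the module default instead, a one-line comment in the fixture saying so (`// datapath_provider intentionally left at the module default`) would make it deliberate rather than accidental.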
@@ -29,7 +29,6 @@ module "example" { ip_range_pods = google_compute_subnetwork.main.secondary_ip_range[0].range_name ip_range_services = google_compute_subnetwork.main.secondary_ip_range[1].range_name compute_engine_service_account = var.compute_engine_service_accounts[local.cluster_index] - skip_provisioners = true enable_binary_authorization = true gateway_api_channel = "CHANNEL_STANDARD" } diff --git a/test/fixtures/simple_regional_with_kubeconfig/example.tf b/test/fixtures/simple_regional_with_kubeconfig/example.tf index 85af7a580..5bb0bb2be 100644 --- a/test/fixtures/simple_regional_with_kubeconfig/example.tf +++ b/test/fixtures/simple_regional_with_kubeconfig/example.tf @@ -25,6 +25,5 @@ module "example" { ip_range_pods = google_compute_subnetwork.main.secondary_ip_range[0].range_name ip_range_services = google_compute_subnetwork.main.secondary_ip_range[1].range_name compute_engine_service_account = var.compute_engine_service_accounts[0] - skip_provisioners = true } diff --git a/test/fixtures/simple_zonal_with_asm/example.tf b/test/fixtures/simple_zonal_with_asm/example.tf index 30df325bd..76b573ada 100644 --- a/test/fixtures/simple_zonal_with_asm/example.tf +++ b/test/fixtures/simple_zonal_with_asm/example.tf 
@@ -21,12 +21,11 @@ data "google_project" "project" { module "example" { source = "../../../examples/simple_zonal_with_asm" - project_id = var.project_ids[2] - cluster_name_suffix = "-${random_string.suffix.result}" - region = var.region - zones = slice(var.zones, 0, 1) - network = google_compute_network.main.name - subnetwork = google_compute_subnetwork.main.name - ip_range_pods = google_compute_subnetwork.main.secondary_ip_range[0].range_name - ip_range_services = google_compute_subnetwork.main.secondary_ip_range[1].range_name + project_id = var.project_ids[2] + region = var.region + zones = slice(var.zones, 0, 1) + network = google_compute_network.main.name + subnetwork = google_compute_subnetwork.main.name + ip_range_pods = google_compute_subnetwork.main.secondary_ip_range[0].range_name + ip_range_services = google_compute_subnetwork.main.secondary_ip_range[1].range_name } diff --git a/variables.tf b/variables.tf index 764abfdb1..08b7a7465 100644 --- a/variables.tf +++ b/variables.tf @@ -372,11 +372,6 @@ variable "cluster_resource_labels" { default = {} } -variable "skip_provisioners" { - type = bool - description = "Flag to skip all local-exec provisioners. It breaks `stub_domains` and `upstream_nameservers` variables functionality." - default = false -} variable "dns_cache" { type = bool diff --git a/versions.tf b/versions.tf index 1d828ffcb..a616508c4 100644 --- a/versions.tf +++ b/versions.tf @@ -27,6 +27,10 @@ terraform { source = "hashicorp/kubernetes" version = "~> 2.10" } + random = { + source = "hashicorp/random" + version = ">= 2.1" + } } provider_meta "google" { module_name = "blueprints/terraform/terraform-google-kubernetes-engine/v25.0.0"